
Improve Network Policy setup & doc #2491

@jotak

Description

When the OVN-Kubernetes CNI is detected, a network policy is deployed by default, restricting access from and to the NetObserv namespaces. It's different for other CNIs, because some features are implementation-specific (e.g., how host-network traffic is handled by policies). We should at least support netpols in kind (see https://github.com/kubernetes-sigs/kind/releases/tag/v0.24.0), and make a best effort otherwise, with community contributions welcome.

Another aspect is to better warn about a missing policy, and improve the documentation.

  • Investigate / implement what's missing for network policy on Kind.
  • Raise warnings / degrade conditions when no network policy is detected.
  • Better document the required ACLs for NetObserv, for users using CNIs that don't support the embedded policy.
  • Document the risks associated with not having a network policy.
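
One way to detect a missing policy, as an added example that is not part of the issue or of NetObserv's code: it reads the JSON from `kubectl get networkpolicy -A -o json` and reports which namespaces have no namespace-wide policy in each direction. The namespace names and sample data are constructed placeholders, and the check looks only at whether pods are isolated, not at how restrictive the rules are.

```python
import json

# Constructed sample of `kubectl get networkpolicy -A -o json` output.
# Namespace and policy names are placeholders, not taken from the issue.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "default-deny", "namespace": "observability-a"},
   "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
  {"metadata": {"name": "ingress-only", "namespace": "observability-b"},
   "spec": {"podSelector": {}, "ingress": [{"from": [{"podSelector": {}}]}]}},
  {"metadata": {"name": "one-app", "namespace": "observability-c"},
   "spec": {"podSelector": {"matchLabels": {"app": "x"}},
            "policyTypes": ["Ingress", "Egress"]}}
]}
""")

DIRECTIONS = {"Ingress", "Egress"}

def policy_types(spec):
    """Directions a policy applies to, using the API default when omitted."""
    if spec.get("policyTypes"):
        return set(spec["policyTypes"])
    # Default: Ingress always, Egress only if egress rules are present.
    return {"Ingress"} | ({"Egress"} if "egress" in spec else set())

def selects_all_pods(spec):
    """An empty podSelector selects every pod in the namespace."""
    sel = spec.get("podSelector") or {}
    return not sel.get("matchLabels") and not sel.get("matchExpressions")

def uncovered_directions(netpol_list, namespaces):
    """Map each namespace to the directions with no namespace-wide policy."""
    covered = {ns: set() for ns in namespaces}
    for item in netpol_list.get("items", []):
        ns = item["metadata"]["namespace"]
        spec = item.get("spec", {})
        if ns in covered and selects_all_pods(spec):
            covered[ns] |= policy_types(spec) & DIRECTIONS
    return {ns: sorted(DIRECTIONS - got) for ns, got in covered.items()}

def warnings(netpol_list, namespaces):
    """Human-readable warnings for namespaces lacking full coverage."""
    gaps = uncovered_directions(netpol_list, namespaces)
    return [f"{ns}: no namespace-wide policy for {', '.join(missing)}"
            for ns, missing in gaps.items() if missing]

if __name__ == "__main__":
    for line in warnings(SAMPLE, ["observability-a", "observability-b",
                                  "observability-c", "observability-d"]):
        print(line)
```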

Status: Done
