Network Policy to Explicitly Allow access from all Namespaces

The default network policy in OpenShift allows all access from all pods in all namespaces via the cluster IP. However, once you start enforcing policy on a project, all policy decisions need to be made explicit. If you still want to allow access from all projects, you can use the following policy file.

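kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-all-namespaces
spec:
  # An empty podSelector applies this policy to every pod in the project.
  podSelector: {}
  ingress:
  - from:
    # An empty namespaceSelector matches all namespaces.
    - namespaceSelector: {}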
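
Because a policy like this one reopens a project to every namespace, it is worth being able to find such policies later. The following audit sketch is an added example, not code from the original post; the policy names other than allow-all-namespaces, the "demo" namespace and the "team" label are constructed, and the input is assumed to have the shape of `oc get networkpolicy -o json` output.

```python
def selects_everything(selector):
    """An empty label selector ({}) matches all objects; an absent one (None) does not apply."""
    return selector is not None and not (
        selector.get("matchLabels") or selector.get("matchExpressions"))

def classify_rule(rule):
    """Classify one ingress rule by how widely it admits traffic."""
    peers = rule.get("from")
    if not peers:  # no "from" list: every source is allowed
        return "any-source"
    for peer in peers:
        ns, pods = peer.get("namespaceSelector"), peer.get("podSelector")
        # namespaceSelector: {} with no narrowing podSelector = all pods in all namespaces
        if selects_everything(ns) and (pods is None or selects_everything(pods)):
            return "all-namespaces"
    return "restricted"

def audit(policy_list):
    """Return (namespace, name, finding) for each policy with a wide-open ingress rule."""
    findings = []
    for item in policy_list.get("items", []):
        meta = item["metadata"]
        for rule in item.get("spec", {}).get("ingress") or []:
            kind = classify_rule(rule)
            if kind != "restricted":
                findings.append((meta.get("namespace"), meta["name"], kind))
                break  # one finding per policy is enough
    return findings

def _policy(name, ingress):  # helper for the constructed sample below
    return {"kind": "NetworkPolicy",
            "metadata": {"name": name, "namespace": "demo"},
            "spec": {"podSelector": {}, "ingress": ingress}}

# Constructed sample, shaped like a List of NetworkPolicy items.
SAMPLE = {"kind": "List", "items": [
    _policy("allow-all-namespaces", [{"from": [{"namespaceSelector": {}}]}]),
    _policy("allow-same-namespace", [{"from": [{"podSelector": {}}]}]),
    _policy("allow-frontend",
            [{"from": [{"namespaceSelector": {"matchLabels": {"team": "frontend"}}}]}]),
    _policy("allow-anything", [{}]),
]}

if __name__ == "__main__":
    for namespace, name, kind in audit(SAMPLE):
        print(f"{namespace}/{name}: ingress open to {kind}")
```

To run it against a live project, replace SAMPLE with the parsed JSON from the cluster, for example json.load(sys.stdin).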

Deploying a Minimalistic Flask Application to OpenShift

Some colleagues and I were discussing the network access policy of OpenShift. I realized it would be very helpful to have a trivial app that I could deploy to OpenShift that would then try to make a call to another service. So I wrote it using Python3 and Flask. Now that I have it working, I want to deploy it in OpenShift, again, in a trivial manner.

I would not deploy a Flask App into production without a Web server to front it. But that is what I am going to do for this test app.


Injecting a Host Entry in podman-run

How does an application find its database? For all but the most embedded of solutions, the database exposes a port on a network. In a containerized development process, one container needs to find another container’s network address. But podman only exposes the IP address of a pod, not the hostname. How can we avoid hardcoding IP addresses of remote services into our containers?


Networking Acronyms

My new role has me paying attention to the Network side of cloud a lot more than I had to in the past. One thing I’ve noticed about Networking is that it has a lot of acronyms, and people that work in it tend to throw them out in context and move on. This is my collection of recent acronyms and their meanings.

I will continue to update this one as I come across additional relevant terms and acronyms.