Network Policy to Explicitly Allow access from all Namespaces

The Default network policy in OpenShift allows all access from all pods in all namespaces via the cluster IP. However, once you start enforcing policy on a project, all policy decision need to be made explicit. If you want to still allow access from all projects, you can use the following policy file.

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-all-namespaces
spec:
  ingress:
  - from:
    - namespaceSelector: {}

Building (and running) a custom HTTPD container image

Having used Apache HTTPD for a good portion of my professional career, and being responsible for explaining how OpenShift works, I decided to try and build an Apache HTTPD container from scratch. For follow on work, I want to see the environment, so the container is essentially wrapping a mod_wsgi APP that dumps the environment. I took some trial and error to get it to run. Here is the end result:

Continue reading