Network policy

IBM Financial Services Workbench as well as the deployed projects designed and implemented with IBM Financial Services Workbench now support network policies to limit traffic to deployed projects and services running in the namespace where Solution Designer and Solution Hub are running.

Enable/disable network policy support

By default, Network Policy is enabled for all projects in the Solution Hub namespace and all k5-projects.

There are two options for disabling network policies:

  • Disable Network Policy for all k5-projects

  • Disable Network Policy for the whole system (Hub namespace and k5-projects) during installation process

Note: To support network policy we have added a label for "Default" namespace. Visit OpenShift Network Policy for further details.

Disable network policy support for all k5-projects

This will disable Network Policy for k5-project namespaces, but it won't disable network policy for the Solution Hub namespace.

  1. Open OpenShift Admin Console

  2. Navigate to: Workloads > Config Maps and select the Hub namespace as a project

  3. Search and select k5-project-operator-application config map

  4. Find the property de.knowis.cp.operator.config.default.networkPolicy.enabled and change the value to false

Disable network policy support globally

If global Network Policy is enabled/disabled during the installation process, then it enables/disables it for all deployed projects and Solution Hub namespace projects.

Follow below link to enable/disable Network Policy using the solution-hub-values.yaml file property (global.networkPolicy.enabled).

Disable network policy options