Network Policy is a Kubernetes feature that controls ingress and egress network traffic for pods. In Vald, you can set network policies as follows.
Please note that prerequisites are required for using network policies. Even if you configure the following settings in a cluster that does not meet the prerequisites, network policies will not be effective.
Network Policy in Vald
To enable network policies in a Vald cluster, set defaults.networkPolicy.enabled to true as follows:

```yaml
defaults:
  networkPolicy:
    enabled: true
```
This sets the following ingress/egress rules between Vald components (these are the minimum required rules for a Vald cluster to work).
| from / to | agent | discoverer | filter gateway | lb gateway | index manager | kube-system |
|---|---|---|---|---|---|---|
Add a user custom Network Policy
There may be cases where you want to connect a Vald cluster to external components, such as the following:
- Enable egress to OpenTelemetryCollector to use observability features.
- Enable egress to an external filter component to use filtering features.
To handle such cases, Vald allows you to set user custom network policies using the defaults.networkPolicy.custom field as follows:

```yaml
defaults:
  networkPolicy:
    enabled: true
    custom:
      ingress:
        - from:
            - podSelector:
                matchLabels:
                  app.kubernetes.io/name: pyroscope
      egress:
        - to:
            - podSelector:
                matchLabels:
                  app.kubernetes.io/name: opentelemetry-collector-collector
```
Please write down the same notation as the ingress/egress field of NetworkPolicy resource in our
Currently, these custom network policies are applied to all Vald components.
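
Because custom rules reach every Vald component, it helps to check each peer in them before deploying. The following is an added example, not part of Vald or its Helm chart: it lints a defaults.networkPolicy.custom block using standard Kubernetes NetworkPolicy semantics. The function names, the already-parsed dict input and the second sample block are assumptions made for illustration.

```python
# Added example, not Vald code. Assumes defaults.networkPolicy.custom has
# already been parsed from values.yaml into a dict.
ANY_IP = {"0.0.0.0/0", "::/0"}


def peer_findings(peer):
    """Reasons a single NetworkPolicy peer matches more than a named workload."""
    out = []
    pod, ns = peer.get("podSelector"), peer.get("namespaceSelector")
    if ns == {}:
        out.append("namespaceSelector {} matches every namespace")
    if pod == {} and ns is None:
        out.append("podSelector {} matches every pod in the namespace")
    if (peer.get("ipBlock") or {}).get("cidr") in ANY_IP:
        out.append("ipBlock covers every address")
    return out


def lint_custom(custom):
    """Return (path, message) pairs for broad custom ingress/egress rules."""
    findings = []
    for direction, key in (("ingress", "from"), ("egress", "to")):
        for i, rule in enumerate(custom.get(direction) or []):
            path = f"custom.{direction}[{i}]"
            peers = rule.get(key) or []
            if not peers:
                findings.append((path, f"no '{key}' peers: any peer is allowed"))
            for j, peer in enumerate(peers):
                findings += [(f"{path}.{key}[{j}]", m) for m in peer_findings(peer)]
            if not rule.get("ports"):
                findings.append((path, "no 'ports': every port is allowed"))
    return findings


# The custom block shown on this page.
PAGE_CUSTOM = {
    "ingress": [{"from": [{"podSelector": {"matchLabels": {"app.kubernetes.io/name": "pyroscope"}}}]}],
    "egress": [{"to": [{"podSelector": {"matchLabels": {"app.kubernetes.io/name": "opentelemetry-collector-collector"}}}]}],
}
# Constructed sample: an egress rule opened to everything on port 4317.
BROAD_CUSTOM = {"egress": [{"to": [{"podSelector": {}}, {"ipBlock": {"cidr": "0.0.0.0/0"}}],
                            "ports": [{"protocol": "TCP", "port": 4317}]}]}

if __name__ == "__main__":
    for name, block in (("page", PAGE_CUSTOM), ("broad", BROAD_CUSTOM)):
        for path, msg in lint_custom(block):
            print(f"{name}: {path}: {msg}")
```

The page's own block passes the selector checks and is reported only for leaving ports unrestricted; adding a ports list to each custom rule narrows it further.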