Namespace Policies

Overview

Important

Any pods/workloads that existed before sidecar injection was enabled must be RESTARTED in order for policies to take effect. When sidecar injection is disabled, pods/workloads must be RESTARTED for the sidecars to no longer run.

Important

The Org Admin, Project Admin, or Workspace Admin role is required to create and use service mesh namespace policies.

A namespace-wide policy is a bundle of service mesh rules that can be applied to one or more namespaces. An example use case for a namespace policy is configuring traffic routing for A/B testing or staged rollouts.


Managing Namespace Policies

Creating a Namespace Policy

In order to create a namespace policy, you must add namespace-scoped policy rules to it.

  • Log in to the controller and, under Service Mesh, navigate to the Policies screen. Select the namespace tab and click new policy
  • Give a name for the policy and click Create
  • Provide a version name
  • Click Add Rules and add your namespace-scoped rules with the corresponding version you want to use
  • Click Save Changes

Create namespace policy

Rules can be added to or removed from a policy using the same workflow. A new version needs to be created every time a policy is updated.


Using Namespace Policies

Namespace policies are added to or removed from namespaces by doing the following:

  • Log in to the controller and navigate to Namespaces
  • Select the namespace that you want to apply the namespace policy/policies to, and click edit
  • Under the Configuration tab, navigate to Service Mesh Policies
  • Enable sidecar injection
  • To add namespace policies, select from the dropdown and select the corresponding version to use
  • To remove a namespace policy, click the delete icon to the right of the policy
  • Click Save and navigate to placement
  • Select the clusters and click republish.

Assign namespace policy
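Because policies only take effect on pods that carry the sidecar, it is worth checking after republishing which pods in the namespace still run without one and therefore need the restart described in the note at the top of this page. The following is an added example, not code from the product: it parses the JSON that `kubectl get pods -n <namespace> -o json` returns and lists the pods (and their owners) that lack the sidecar. The sidecar container name `istio-proxy` is an assumption; adjust it to the name your mesh injects. The sample data is constructed.

```python
import json

# Constructed `kubectl get pods -n <namespace> -o json` output, not real cluster data.
SAMPLE_POD_LIST = json.dumps({"items": [
    {   # started before injection was enabled: no sidecar
        "metadata": {"name": "cart-7d9f-abcde",
                     "ownerReferences": [{"kind": "ReplicaSet", "name": "cart-7d9f"}]},
        "spec": {"containers": [{"name": "cart"}]}},
    {   # restarted after injection: sidecar runs as a regular container
        "metadata": {"name": "web-5c6b-fghij",
                     "ownerReferences": [{"kind": "ReplicaSet", "name": "web-5c6b"}]},
        "spec": {"containers": [{"name": "web"}, {"name": "istio-proxy"}]}},
    {   # sidecar injected as a restartable init container
        "metadata": {"name": "db-0",
                     "ownerReferences": [{"kind": "StatefulSet", "name": "db"}]},
        "spec": {"initContainers": [{"name": "istio-proxy", "restartPolicy": "Always"}],
                 "containers": [{"name": "db"}]}},
    {   # bare pod with no owner and no sidecar
        "metadata": {"name": "debug-shell"},
        "spec": {"containers": [{"name": "sh"}]}},
]})


# Assumption: the injected sidecar container is named "istio-proxy".
def has_sidecar(pod, sidecar_name="istio-proxy"):
    """True if the pod spec carries the sidecar as a container or init container."""
    spec = pod.get("spec", {})
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    return any(c.get("name") == sidecar_name for c in containers)


def pods_needing_restart(pod_list_json, sidecar_name="istio-proxy"):
    """Return (pod, owner) pairs for pods that are running without the sidecar."""
    stale = []
    for pod in json.loads(pod_list_json).get("items", []):
        if has_sidecar(pod, sidecar_name):
            continue
        meta = pod.get("metadata", {})
        # Pods without an owner are reported as their own owner.
        owners = meta.get("ownerReferences") or [{"kind": "Pod", "name": meta.get("name")}]
        stale.append((meta.get("name"), f'{owners[0]["kind"]}/{owners[0]["name"]}'))
    return stale


if __name__ == "__main__":
    for name, owner in pods_needing_restart(SAMPLE_POD_LIST):
        print(f"{name}: no sidecar, restart {owner}")
```

A pod owned by a ReplicaSet is normally restarted through its Deployment, for example with `kubectl rollout restart deployment/<name> -n <namespace>`; a bare pod has to be deleted and recreated.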