Skip to main content

Network policies

IBM Industry Solutions Workbench now supports network policies that limit ingoing and outgoing traffic in the namespaces where Solution Designer and Solution Hub are running. Additionally, ingoing traffic is also limited for deployed projects designed and implemented with IBM Industry Solutions Workbench. While these network policies are enabled by default, the following chapter describes how you can disable and configure these security measures.

warning

Reviewing and changing the configuration of Egress is mandatory, otherwise IBM Industry Solutions Workbench is not able to work properly.

Ingress (ingoing traffic)

The ingress policy blocks traffic from outside into the namespace where IBM Industry Solutions Workbench is installed or the service project is deployed.

To disable the ingress policy, you need to configure the ISW Custom Resource and set values.global.network.ingressPolicy.enabled to "false". For more information how to configure this, see the documentation about the ISW Custom Resource. After the change the ingress network policy will be disabled for the namespace where IBM Industry Solutions Workbench is installed and all k5projects.

Egress (outgoing traffic)

The egress policy blocks traffic from the namespace where IBM Industry Solutions Workbench is installed to any destination outside the cluster (a Route on the same cluster is also seen as "outside the cluster") and namespace. K5projects though, are not affected by this policy.

Configure Egress

Every public route or destination must be specifically allowed in the EgressNetworkPolicy. To allow certain outgoing traffic, you need to configure the ISW Custom Resource and add the needed configuration to values.global.network.egressPolicy.policy . For more information how to configure this, see the documentation about the ISW Custom Resource.

Disable Egress

To disable the egress policy, you need to configure the ISW Custom Resource and set values.global.network.egressPolicy.enabled to "false". For more information how to configure this, see the documentation about the ISW Custom Resource, Disable Egress.