US 12,445,413 B2
Techniques for applying a named port security policy
Xie Zheng, Beijing (CN)
Assigned to VMware LLC, Palo Alto, CA (US)
Filed by VMware, Inc., Palo Alto, CA (US)
Filed on Jan. 20, 2023, as Appl. No. 18/099,710.
Prior Publication US 2024/0187378 A1, Jun. 6, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/0263 (2013.01) 20 Claims
OG exemplary drawing
 
1. A method for implementing a network policy in a software defined networking (SDN) environment, comprising:
receiving a manifest defining a plurality of pods in a namespace, wherein:
for a first pod, the manifest defines a first environment value for an environment of the first pod, a first port number for a first container of the first pod, and a name for the first port number defined for the first container of the first pod;
for a second pod, the manifest defines the first environment value for an environment of the second pod, a second port number for a second container of the second pod, and the name for the second port number defined for the second container of the second pod; and
the manifest defines a security policy applied to a third pod, the security policy defining a first egress policy indicating the first environment value and the name;
creating, based on the manifest indicating that the first port number is different than the second port number and that the first port number and the second port number share the name, separate egress firewall rules for the first pod and the second pod, the separate egress firewall rules comprising:
a first egress firewall rule to apply to packets with the third pod as a source, the first pod as a destination, and the first port number as a destination port; and
a second egress firewall rule to apply to packets with the third pod as a source, the second pod as a destination, and the second port number as a destination port; and
configuring a firewall with the first egress firewall rule and the second egress firewall rule.
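The expansion the claim describes, written out as an added Python example (not VMware's code and not taken from the patent): a manifest in which two pods carrying the same environment label both name a container port "http" but bind it to different numbers (8080 and 9090), plus a NetworkPolicy-style egress rule that refers to the port only by that name. The example resolves the name separately against each destination pod and emits one egress rule per pod with that pod's own port number; a selected pod that never declares the named port gets no rule at all. The pod and policy objects, IP addresses, and the helper and dataclass names are constructed for illustration and are assumptions of this example.

```python
"""Expand an egress rule that references a Kubernetes *named* port into
per-destination-pod firewall rules carrying each pod's resolved port number.

Everything here is an illustrative assumption: the manifest dicts mirror the
shape of Kubernetes Pod/NetworkPolicy objects but are constructed inline,
and EgressRule / expand_egress are names chosen for this example only."""

from dataclasses import dataclass

# Constructed manifest. web-a and web-b are both environment=prod and both
# name a port "http", but on different container ports; db is also prod yet
# exposes no port called "http"; client is the pod the policy applies to.
PODS = [
    {"metadata": {"name": "web-a", "labels": {"environment": "prod", "app": "web"}},
     "status": {"podIP": "10.0.1.10"},
     "spec": {"containers": [{"name": "nginx", "ports": [
         {"name": "http", "containerPort": 8080, "protocol": "TCP"}]}]}},
    {"metadata": {"name": "web-b", "labels": {"environment": "prod", "app": "web"}},
     "status": {"podIP": "10.0.1.11"},
     "spec": {"containers": [{"name": "envoy", "ports": [
         {"name": "http", "containerPort": 9090, "protocol": "TCP"}]}]}},
    {"metadata": {"name": "db", "labels": {"environment": "prod", "app": "db"}},
     "status": {"podIP": "10.0.1.12"},
     "spec": {"containers": [{"name": "pg", "ports": [
         {"name": "pg", "containerPort": 5432, "protocol": "TCP"}]}]}},
    {"metadata": {"name": "client", "labels": {"app": "client"}},
     "status": {"podIP": "10.0.2.5"},
     "spec": {"containers": [{"name": "curl"}]}},
]

# Constructed policy: egress from app=client to environment=prod on port "http".
POLICY = {
    "metadata": {"name": "client-egress"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "client"}},
        "policyTypes": ["Egress"],
        "egress": [{
            "to": [{"podSelector": {"matchLabels": {"environment": "prod"}}}],
            "ports": [{"port": "http", "protocol": "TCP"}],
        }],
    },
}


@dataclass(frozen=True)
class EgressRule:
    """One concrete 5-tuple-style allow rule (assumed flat format)."""
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str
    action: str = "ALLOW"


def selector_matches(selector, pod):
    """matchLabels semantics: every selector key/value must be on the pod."""
    wanted = selector.get("matchLabels", {})
    labels = pod["metadata"].get("labels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def resolve_named_port(pod, name, protocol):
    """Numeric container ports that *this* pod declares under `name`.
    The lookup is per pod, so two pods sharing a name may resolve differently,
    and a pod without the name yields [] (no rule is opened for it)."""
    return [p["containerPort"]
            for c in pod["spec"].get("containers", [])
            for p in c.get("ports", [])
            if p.get("name") == name and p.get("protocol", "TCP") == protocol]


def expand_egress(policy, pods):
    """Turn the policy's egress rules into per-source/per-destination rules."""
    src_pods = [p for p in pods if selector_matches(policy["spec"]["podSelector"], p)]
    rules = []
    for egress in policy["spec"].get("egress", []):
        dst_pods = [p for p in pods
                    if any(selector_matches(t["podSelector"], p)
                           for t in egress.get("to", []) if "podSelector" in t)]
        for src in src_pods:
            for dst in dst_pods:
                for port in egress.get("ports", []):
                    proto = port.get("protocol", "TCP")
                    if isinstance(port["port"], int):
                        numbers = [port["port"]]            # numeric port: same for all
                    else:
                        numbers = resolve_named_port(dst, port["port"], proto)
                    rules.extend(EgressRule(src["status"]["podIP"], dst["status"]["podIP"], n, proto)
                                 for n in numbers)
    return rules


if __name__ == "__main__":
    for r in expand_egress(POLICY, PODS):
        print(f"{r.action} {r.protocol} {r.src_ip} -> {r.dst_ip}:{r.dst_port}")
```

Running it yields two rules, 10.0.2.5 -> 10.0.1.10:8080 and 10.0.2.5 -> 10.0.1.11:9090, and nothing for db. That is the security-relevant point of resolving per destination: collapsing "http" to a single number would either open 8080 on a pod that only serves on 9090 (an over-permissive rule) or silently drop legitimate traffic to one of the two, and a pod that never declares the name is left closed rather than matched by guess.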