Network policies
By default, this is disabled.
Sync NetworkPolicy resources from the tenant cluster to the control plane cluster. This ensures correct policies are created in the control plane cluster to achieve the desired traffic behavior between pods.
Sync NetworkPolicies from the tenant to control plane cluster​
sync:
toHost:
networkPolicies:
enabled: true
NetworkPolicy resources inside tenant clusters rely on the control plane cluster's support for this feature. Make sure that your control plane cluster satisfies the Network Policy prerequisites.
Patches​
Use sync.toHost.networkPolicies.patches to transform NetworkPolicy fields while syncing to the control plane cluster. See Patching synced resources for syntax, directionality, and examples.
Config reference​
networkPolicies object ​
NetworkPolicies defines if network policies created within the virtual cluster should get synced to the host cluster.
networkPolicies object ​enabled boolean false ​
Enabled defines if this option should be enabled.
enabled boolean false ​patches object[] ​
Patches patch the resource according to the provided specification.
patches object[] ​path required string ​
Path is the path within the patch to target. If the path is not found within the patch, the patch is not applied.
path required string ​expression string ​
Expression transforms the value according to the given JavaScript expression.
expression string ​reverseExpression string ​
ReverseExpression transforms the value according to the given JavaScript expression.
reverseExpression string ​reference object ​
Reference treats the path value as a reference to another object and will rewrite it based on the chosen mode
automatically. In single-namespace mode this will translate the name to "vxxxxxxxxx" to avoid conflicts with
other names, in multi-namespace mode this will not translate the name.
reference object ​apiVersion required string ​
APIVersion is the apiVersion of the referenced object.
apiVersion required string ​apiVersionPath string ​
APIVersionPath is optional relative path to use to determine the kind. If APIVersionPath is not found, will fallback to apiVersion.
apiVersionPath string ​kind required string ​
Kind is the kind of the referenced object.
kind required string ​kindPath string ​
KindPath is the optional relative path to use to determine the kind. If KindPath is not found, will fallback to kind.
kindPath string ​namePath string ​
NamePath is the optional relative path to the reference name within the object.
namePath string ​namespacePath string ​
NamespacePath is the optional relative path to the reference namespace within the object. If omitted or not found, namespacePath equals to the
metadata.namespace path of the object.
namespacePath string ​labels object ​
Labels treats the path value as a labels selector.
labels object ​