Chapter 7. Postinstallation network configuration
After installing OpenShift Container Platform, you can further expand and customize your network to your requirements.
7.1. Using the Cluster Network Operator
You can use the Cluster Network Operator (CNO) to deploy and manage cluster network components on an OpenShift Container Platform cluster, including the Container Network Interface (CNI) network plugin selected for the cluster during installation. For more information, see Cluster Network Operator in OpenShift Container Platform.
7.2. Network configuration tasks
7.2.1. Creating default network policies for a new project
As a cluster administrator, you can modify the new project template to automatically include NetworkPolicy objects when you create a new project.
7.2.1.1. Modifying the template for new projects
As a cluster administrator, you can modify the default project template so that new projects are created using your custom requirements.
To create your own custom project template:
Prerequisites
- You have access to an OpenShift Container Platform cluster using an account with cluster-admin permissions.
Procedure
- Log in as a user with cluster-admin privileges.
- Generate the default project template:

      $ oc adm create-bootstrap-project-template -o yaml > template.yaml

- Use a text editor to modify the generated template.yaml file by adding objects or modifying existing objects.
- The project template must be created in the openshift-config namespace. Load your modified template:

      $ oc create -f template.yaml -n openshift-config

- Edit the project configuration resource using the web console or CLI.
  - Using the web console:
    - Navigate to the Administration → Cluster Settings page.
    - Click Configuration to view all configuration resources.
    - Find the entry for Project and click Edit YAML.
  - Using the CLI:
    - Edit the project.config.openshift.io/cluster resource:

          $ oc edit project.config.openshift.io/cluster

- Update the spec section to include the projectRequestTemplate and name parameters, and set the name of your uploaded project template. The default name is project-request.

  Project configuration resource with custom project template
- After you save your changes, create a new project to verify that your changes were successfully applied.
7.2.1.2. Adding network policies to the new project template
As a cluster administrator, you can add network policies to the default template for new projects. OpenShift Container Platform will automatically create all the NetworkPolicy objects specified in the template in the project.
Prerequisites
- Your cluster uses a default CNI network plugin that supports NetworkPolicy objects, such as the OpenShift SDN network plugin with mode: NetworkPolicy set. This mode is the default for OpenShift SDN.
- You installed the OpenShift CLI (oc).
- You must log in to the cluster with a user with cluster-admin privileges.
- You must have created a custom default project template for new projects.
Procedure
- Edit the default template for a new project by running the following command:

      $ oc edit template <project_template> -n openshift-config

  Replace <project_template> with the name of the default template that you configured for your cluster. The default template name is project-request.
- In the template, add each NetworkPolicy object as an element to the objects parameter. The objects parameter accepts a collection of one or more objects.

  In the following example, the objects parameter collection includes several NetworkPolicy objects.
- Optional: Create a new project and confirm the successful creation of your network policy objects.
  - Create a new project:

        $ oc new-project <project>

    Replace <project> with the name for the project you are creating.
  - Confirm that the network policy objects in the new project template exist in the new project:

        $ oc get networkpolicy

    Expected output:

        NAME                           POD-SELECTOR   AGE
        allow-from-openshift-ingress   <none>         7s
        allow-from-same-namespace      <none>         7s
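The two resources edited in sections 7.2.1.1 and 7.2.1.2, sketched as an added example that is not reproduced from the original page: the Project configuration that points at the template, and the objects fragment of the template carrying the two policies named in the expected output. The policy specs and the network.openshift.io/policy-group: ingress namespace label are assumptions for a default ingress setup; confirm the label on your cluster's ingress namespace before relying on it.

```yaml
# Added example; policy bodies are assumptions, names come from the page.

# 1) project.config.openshift.io/cluster: reference the uploaded template.
apiVersion: config.openshift.io/v1
kind: Project
metadata:
  name: cluster
spec:
  projectRequestTemplate:
    name: project-request        # default template name stated on the page
---
# 2) Template in openshift-config: append NetworkPolicy objects to "objects".
apiVersion: template.openshift.io/v1
kind: Template
metadata:
  name: project-request
  namespace: openshift-config
objects:
# Objects generated by "oc adm create-bootstrap-project-template"
# stay here unchanged; only the entries below are added.
- apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: allow-from-same-namespace
  spec:
    podSelector: {}              # selects every pod in the new project
    ingress:
    - from:
      - podSelector: {}          # any pod in the same namespace
- apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: allow-from-openshift-ingress
  spec:
    podSelector: {}
    policyTypes:
    - Ingress
    ingress:
    - from:
      - namespaceSelector:
          matchLabels:
            # Assumed label identifying the ingress router namespace.
            network.openshift.io/policy-group: ingress
# The generated "parameters" section of the template stays unchanged.
```

Because both policies select every pod, pods in a new project accept ingress only from pods in the same namespace and from namespaces carrying the ingress label. The template is applied only to projects created through a project request after the change, so existing projects keep whatever policies they already have.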