A Supervisor that uses NSX networking supports network security policies configured through a security policy CRD.

Create a Security Policy

As a DevOps, you can configure the security policy CRD to apply an NSX based security policy to a Supervisor namespace. The security policy protects traffic for vSphere Pods and VMs. VMs include TKG cluster nodes and other VMs deployed in the Supervisor.

Prerequisites

Use NSX version 3.2 or later.

Procedure

  1. Create a security policy CRD.
    For the fields to use and CRD examples, see NSX Operator Security Policy CRD documentation on GitHub.
  2. Access your namespace in the Kubernetes environment.
  3. Apply the security policy to the namespace.
    kubectl apply -f policy-name.yaml
  4. View your security policy.
    1. View details for the security policy.
      kubectl get securitypolicy policy-name
    2. View a description of your security policy.
      kubectl describe securitypolicy policy-name

Results

You can also use the NSX UI to view details of your policy. For information, see the VMware NSX Documentation page.