You are viewing documentation for KubeSphere version:v3.0.0

KubeSphere v3.0.0 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Last updated:

Edit

Feedback

Workspace Network Isolation

Prerequisites

You have already enabled Network Policies.
Use an account of the workspace-admin role. For example, use the account ws-admin created in Create Workspaces, Projects, Accounts and Roles.

Note

For the implementation of the network policy, you can refer to KubeSphere NetworkPolicy.

Enable/Disable Workspace Network Isolation

Workspace network isolation is disabled by default. You can turn on network isolation in Basic Info under Workspace Settings.

workspace-isolation

Note

When network isolation is turned on, egress traffic will be allowed by default, while ingress traffic will be denied for different workspaces. If you need to customize your network policy, you need to turn on Project Network Isolation and add a network policy in Project Settings.

You can also disable network isolation on the Basic Info page.

Best Practice

To ensure that all Pods in a workspace are secure, a best practice is to enable workspace network isolation.

When network isolation is on, the workspace cannot be accessed by other workspaces. If a workspace’s default network isolation doesn’t meet your needs, turn on project network isolation and customize your project’s network policy.

Previous : Role and Member Management Next : Project Quotas Next

What’s on this Page