/ DOCS
nav-img
Advanced

Configuring a Network Defense Policy (for a Cluster Using the VPC Tunnel Network Model)

For clusters using the VPC network model, you can configure network defense policies to limit the traffic that accesses the servers where containers are deployed. If no security group rules are configured, all incoming and outgoing traffic of the servers is allowed by default.

This section describes how to configure a network defense policy for a cluster using the VPC network model.

Creating a Network Defense Policy

  1. Log in to the management console.
  2. Click in the upper left corner of the page, select a region, and choose Security > Host Security Service. The HSS page is displayed.
  1. In the navigation pane on the left, choose Container Protection > Container Firewalls.
  2. Click Synchronize above the cluster list to synchronize the policies created on CCE.

    The synchronization takes about 1 to 2 minutes. Wait for a while and click in the upper right corner of the list to refresh and view the latest data.

  1. Click Manage Policy in the Operation column of a cluster using the VPC network model.
  2. In the Operation column of a node, click Configure Policy.
  3. In the displayed dialog box, click OK to go to the cloud server console.
  4. Click the Security Groups tab and view security group rules.
  5. Click the security group ID. The system automatically switches to the security group page.
  6. Configure inbound and outbound rules.

    For details, see "Adding a Security Group Rule" in Virtual Private Cloud User Guide.

Related Operations

Modifying or deleting a network defense policy

  1. Go to the HSS console.
  2. In the navigation pane on the left, choose Container Protection > Container Firewalls.
  3. Click Manage Policy in the Operation column of a cluster using the VPC network model.
  4. Click Synchronize above the node list to synchronize node information.
  5. Check the value of Last synchronized. If it changes to the completion time of the latest synchronization task, the synchronization is complete.
  6. In the Operation column of a node, click Configure Policy.
  7. In the displayed dialog box, click OK to go to the cloud server console.
  8. Click the Security Groups tab and view security group rules.
  9. Click the server name or ID. The basic information page of the server name is displayed.
  10. Click a rule tab and manage rules as needed.

    • Modifying a rule

      In the Operation column of a rule, click Modify. Modify the rule and click OK.

    • Deleting a rule

      In the Operation column of a rule, click Delete. In the confirmation dialog box, click OK.

Parent topic: Container Firewalls
Предыдущая статья
Configuring a Network Defense Policy (for a Cluster Using the Container Tunnel Network Model)
Следующая статья
Container Cluster Protection
Была ли эта статья полезна?
Поддержка Юридические документы
© 2025 Cloud.ru