公开(公告)号：US20240028358A1

公开(公告)日：2024-01-25

申请号：US17821232

申请日：2022-08-22

Applicant: VMware, Inc.

Inventor： Danting LIU ,  Qian SUN ,  Jianjun SHEN ,  Wenfeng LIU ,  Donghai HAN

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45595 ,  G06F2009/4557

Abstract: Disclosed herein is a system and method for controlling network traffic among namespaces in which various entities, such as virtual machines, pod virtual machines, and a container orchestration system, such as Kubernetes, reside and operate. The entities have access to a network that includes one or more firewalls. The traffic that is permitted to flow over the network among and between the namespaces is defined by a security policy definition. The security policy definition is posted to a master node in a supervisor cluster that supports and provisions the namespaces. The master node invokes a network manager to generate a set of firewall rules and program the one or more firewalls in the network to enforce the rules.