Publication (Announcement) No.: US20240028358A1
Publication (Announcement) Date: 2024-01-25
Application No.: US17821232
Application Date: 2022-08-22
Applicant: VMware, Inc.
Inventor: Danting LIU, Qian SUN, Jianjun SHEN, Wenfeng LIU, Donghai HAN
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/45595, G06F2009/4557
Abstract: Disclosed herein is a system and method for controlling network traffic among namespaces in which various entities, such as virtual machines, pod virtual machines, and a container orchestration system, such as Kubernetes, reside and operate. The entities have access to a network that includes one or more firewalls. The traffic that is permitted to flow over the network among and between the namespaces is defined by a security policy definition. The security policy definition is posted to a master node in a supervisor cluster that supports and provisions the namespaces. The master node invokes a network manager to generate a set of firewall rules and program the one or more firewalls in the network to enforce the rules.