Manage Connection Rules with Helm charts

You can create Cisco Panoptica Connection Policy rules from the CD Helm plugin. This enables the correct rules to be applied when the workload is deployed, and removed when the workload is uninstalled.

Policy YAML file

A rule is created by adding a policy YAML file for each workload deployed, which defines the connections that are permitted and blocked for the workload. This file is included in the Helm chart. The information in the file is passed to Panoptica when the chart is run.

The example below shows a policy YAML file for a workload. This file will create these connection rules, as follows:

  • permit connections to the workload 'db'
  • block all external outbound connections
  • permit internal and external connections from all sources
kind: SecureCNPolicy
  name: nginx
  deploymentName: nginx
    internal: [db]
    external: false
    internal: []
    external: true

Fields in the file

The policy file has these fields:

kind - this is fixed as 'SecureCNPolicy'
apiVersion - this is fixed as ''
deploymentName - the name of the pod (this is the name of the Connection Policy group that will be created for the new rules)

to - workloads that this pod can send to (internal - list & external - true / false)
from - workloads that can send to this pod (internal, external)

What’s Next