Kubernetes Networking configuration

Network Policy

For the technical side of the implementation, read the kubernetes network policy docs.

Intra Namespace Networking

Within a single deployment of Exivity, many services require access to other services to operate. All of the required connectivity is provisioned automatically when using the default installation using helm.

When using external services, e.g. a self managed dababase, the customer must provide the required polices themselves.

External Connectivity

Ingress

The number of Exivity services that require ingress from services outside the deployment itself is limited to the following;

Glass, the GUI
Proximity, the API service

Egress

The number of Exivity services that require egress to endpoints outside the deployment itself is limited to the following;

Proximity, to connect to auth related endpoints
USE, which scrapes usage data for the application
Pigeon, used to message users about various event through the notification engine

Kubernetes Networking configuration

Network Policy​

Intra Namespace Networking​

External Connectivity​

Ingress​

Egress​

Network Policy

Intra Namespace Networking

External Connectivity

Ingress

Egress