Intra-project traffic network policies

This page provides instructions to configure intra-project traffic network policies in Google Distributed Cloud (GDC) air-gapped appliance.

Project network policies define either ingress or egress rules. You can define policies that allow communication within projects, between projects, and to external IP addresses.

Before you begin

To configure intra-project traffic network policies, you must have the following:

Create an intra-project traffic policy

For traffic within a project, GDC applies a predefined project network policy, the intra-project policy, to each project by default. With this policy in place, workloads in the project namespace can communicate with each other without being exposed to any resource outside the project.

By default, no egress policy exists, so all outbound traffic from the project is allowed, including intra-project traffic. As soon as you create an egress policy, even a single one, only the outbound traffic that policy explicitly specifies is allowed; any other outbound traffic from the project is denied. Plan the first egress policy with that in mind, because it switches the project from allow-all to allow-listed egress.

Ingress intra-project traffic network policy

When you create a project, GDC implicitly creates a default base ProjectNetworkPolicy that allows intra-project communication. This policy allows inbound traffic to workloads in the project from other services in the same project.

You can delete the default policy, but doing so denies intra-project communication for all services and workloads in the project, because no other policy allows that inbound traffic.
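The two caveats above (the first egress policy switches the project to allow-listed egress, and deleting the default ingress policy denies intra-project traffic) are easy to get wrong when planning a change. The following is an added example, not code from the GDC appliance or its documentation: a small simulator of the semantics this page describes, which you can use to predict the effect of a policy set before applying it with kubectl. The manifest field names (policyType, subject.subjectType, ingress[].from[].projects.matchNames, egress[].to[].ipBlock.cidr), the project name "team-a", the policy name "allow-intra-project" and the 10.20.0.0/16 registry range are assumptions made for the example; verify the field names against the ProjectNetworkPolicy reference for your appliance version.

```python
"""Simulator of the ProjectNetworkPolicy semantics described on this page.

Added example, not GDC code. It models only the behaviour the text states:
  - ingress into a project is allowed only where an ingress policy in that
    project names the source project (the default allow-intra-project policy),
  - egress from a project is allowed to anything while no egress policy exists,
    and only to listed destinations once at least one egress policy exists.
Field names mirror the ProjectNetworkPolicy shape and are an assumption here.
"""
import ipaddress

# Constructed sample: the default policy a project named "team-a" gets on
# creation (project name, namespace and policy name are assumptions).
DEFAULT_INTRA_PROJECT = {
    "apiVersion": "networking.gdc.goog/v1",
    "kind": "ProjectNetworkPolicy",
    "metadata": {"name": "allow-intra-project", "namespace": "team-a"},
    "spec": {
        "policyType": "Ingress",
        "subject": {"subjectType": "UserWorkload"},
        "ingress": [{"from": [{"projects": {"matchNames": ["team-a"]}}]}],
    },
}


def make_egress_policy(project, name, cidrs):
    """Build an egress ProjectNetworkPolicy that allows traffic only to `cidrs`."""
    return {
        "apiVersion": "networking.gdc.goog/v1",
        "kind": "ProjectNetworkPolicy",
        "metadata": {"name": name, "namespace": project},
        "spec": {
            "policyType": "Egress",
            "subject": {"subjectType": "UserWorkload"},
            "egress": [{"to": [{"ipBlock": {"cidr": c}} for c in cidrs]}],
        },
    }


def _policies_for(policies, project, policy_type):
    """Policies that live in `project`'s namespace and have the given policyType."""
    return [
        p for p in policies
        if p["metadata"]["namespace"] == project
        and p["spec"]["policyType"] == policy_type
    ]


def ingress_allowed(policies, src_project, dst_project):
    """Inbound traffic into dst_project is allowed only if an ingress policy in
    dst_project names src_project. With no matching policy (for example after the
    default allow-intra-project policy has been deleted) the traffic is denied."""
    for policy in _policies_for(policies, dst_project, "Ingress"):
        for rule in policy["spec"].get("ingress", []):
            for peer in rule.get("from", []):
                if src_project in peer.get("projects", {}).get("matchNames", []):
                    return True
    return False


def egress_allowed(policies, src_project, dst_ip):
    """Outbound traffic from src_project is allowed to anything while the project
    has no egress policy; once at least one exists, only to a listed CIDR."""
    egress_policies = _policies_for(policies, src_project, "Egress")
    if not egress_policies:
        return True
    addr = ipaddress.ip_address(dst_ip)
    for policy in egress_policies:
        for rule in policy["spec"].get("egress", []):
            for peer in rule.get("to", []):
                cidr = peer.get("ipBlock", {}).get("cidr")
                if cidr and addr in ipaddress.ip_network(cidr, strict=False):
                    return True
    return False


def demo():
    """Walk through both caveats from the text and return the decisions."""
    baseline = [DEFAULT_INTRA_PROJECT]
    # One egress policy for an assumed internal registry range flips every
    # other destination, including the 203.0.113.10 test address, to denied.
    with_egress = baseline + [
        make_egress_policy("team-a", "allow-registry", ["10.20.0.0/16"])
    ]
    return {
        "intra_ingress_default": ingress_allowed(baseline, "team-a", "team-a"),
        "intra_ingress_after_delete": ingress_allowed([], "team-a", "team-a"),
        "cross_project_ingress": ingress_allowed(baseline, "team-b", "team-a"),
        "egress_no_policy": egress_allowed(baseline, "team-a", "203.0.113.10"),
        "egress_to_registry": egress_allowed(with_egress, "team-a", "10.20.7.1"),
        "egress_to_internet": egress_allowed(with_egress, "team-a", "203.0.113.10"),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:28s} {'ALLOW' if allowed else 'DENY'}")
```

Before relying on the default ingress behaviour in a real project, confirm that the base ProjectNetworkPolicy still exists in the project namespace (kubectl get on the ProjectNetworkPolicy kind against the management API server with your organization admin kubeconfig), and when you add the first egress policy, list every destination the project's workloads legitimately need in that same change rather than adding them one by one.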