Managing multi-network policies (MNP) across multiple Kubernetes clusters is operationally complex and error-prone. This post presents a ConfigMap-driven automation approach using Red Hat Advanced Cluster Management (ACM) to define network rules once on a hub cluster and automatically enforce them across all managed clusters. The architecture uses the PolicyGenerator framework and a hybrid hub-to-managed-cluster templating technique to discover NetworkAttachmentDefinitions (NADs), render localized MultiNetworkPolicies, and maintain compliance without manual intervention. A concrete YAML example shows how a single ConfigMap defining ingress rules for a VLAN gets propagated to every cluster with a matching NAD, with ACM enforcing the exact specification and removing any manually added deviations.
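The following Python sketch is an added illustration, not code from the original post or from ACM. It models the behaviour described above for one managed cluster: rules defined once are rendered into a MultiNetworkPolicy for each matching NAD, and any live policy whose spec deviates is flagged and replaced. The rule schema, the `<nad>-ingress` naming, the sample values and the function names are assumptions.

```python
import copy

# Constructed stand-in for the hub ConfigMap: NAD name -> ingress rules (assumed schema).
HUB_RULES = {"vlan100": [{"from": [{"ipBlock": {"cidr": "192.0.2.0/24"}}],
                          "ports": [{"protocol": "TCP", "port": 8443}]}]}

def render(nad, ingress):
    """Build the MultiNetworkPolicy that targets one discovered NAD."""
    ns, name = nad["namespace"], nad["name"]
    return {
        "apiVersion": "k8s.cni.cncf.io/v1beta1",
        "kind": "MultiNetworkPolicy",
        "metadata": {"name": f"{name}-ingress", "namespace": ns,
                     # This annotation binds the policy to the secondary network.
                     "annotations": {"k8s.v1.cni.cncf.io/policy-for": f"{ns}/{name}"}},
        "spec": {"podSelector": {}, "policyTypes": ["Ingress"],
                 "ingress": copy.deepcopy(ingress)},
    }

def reconcile(cluster_nads, live_policies, rules=HUB_RULES):
    """Return (desired, findings) for one managed cluster.

    live_policies maps (namespace, name) -> MultiNetworkPolicy dict as found
    on the cluster. The desired object always wins, so manual additions to
    the spec are dropped (exact-match enforcement).
    """
    desired, findings = {}, []
    for nad in cluster_nads:
        if nad["name"] not in rules:   # no hub rule for this network: skip it
            continue
        want = render(nad, rules[nad["name"]])
        key = (want["metadata"]["namespace"], want["metadata"]["name"])
        have = live_policies.get(key)
        if have is None:
            findings.append((key, "created"))
        elif have.get("spec") != want["spec"]:
            findings.append((key, "drift-reverted"))
        desired[key] = want
    return desired, findings

if __name__ == "__main__":
    # Constructed cluster inventory: only vlan100 has a hub rule.
    nads = [{"namespace": "app-a", "name": "vlan100"},
            {"namespace": "app-b", "name": "vlan200"}]
    print(reconcile(nads, {})[1])
```

The `findings` list doubles as an audit trail: a `drift-reverted` entry means someone edited the policy on the managed cluster directly.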
