Instance Metadata endpoint Restriction

[miwithro]

Enable a Feature to allow customers to prevent unprivileged pods from accessing HostNetwork which provides access to the IMDS endpoint.

[ghost]

Action required from @Azure/aks-pm

[ghost]

Action required from @Azure/aks-pm

[ghost]

Action required from @Azure/aks-pm

[ghost]

Action required from @Azure/aks-pm

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Action required from @Azure/aks-pm

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Action required from @Azure/aks-pm

[ghost]

Issue needing attention of @Azure/aks-leads

[ghost]

Action required from @Azure/aks-pm

[mieky]

The documented instructions for IMDS hardening were proven problematic to achieve by manual means (on Azure CNI at least), as azure-npm doesn't cope well with introducing a large number of NetworkPolicy objects at once.

I wish there was a recommended way of achieving this, especially for someone using Azure CNI.

[ghost]

Action required from @Azure/aks-pm

[microsoft-github-policy-service[bot]]

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

[microsoft-github-policy-service[bot]]

Issue needing attention of @Azure/aks-leads

[microsoft-github-policy-service[bot]]

This issue will now be closed because it hasn't had any activity for 7 days after stale. miwithro feel free to comment again on the next 7 days to reopen or open a new issue after that time if you still have a question/issue or suggestion.

[microsoft-github-policy-service[bot]]

@miwithrow, @CocoWang-wql would you be able to assist?

[palma21]

Closing as duplicate of #4037