GSA-TTS / datagov-brokerpak-eks

Broker AWS EKS instances using the OSBAPI (e.g. from cloud.gov)

Restrict Ingress to Cloud.gov by default #100

Closed nickumia-reisys closed 2 years ago

nickumia-reisys commented 2 years ago

Relates to https://github.com/GSA/data.gov/issues/3355

This PR uses the pre-existing Calico setup to deploy a NetworkPolicy to allow only connections from cloud.gov into the EKS worker pods. It was coupled with the default-deny-egress policy to have a single default configuration that users are allowed to modify without the broker wanting to undo the user's changes.

This replaces #52, but there is still some good documentation about VPC configuration in that PR.

Cool Additional References: