Level 1 Network Policy / karydia-default-network-policy added security for the following aspects:
- block access to host network (static AWS)
- block access to metadata services (AWS = GCP = Azure and Ali Cloud)
- block access to kube-system namespace by allowing only necessary DNS traffic
We decided to be quite open (blacklist).
Please note: In the next "Network Policy" version, the protection of host network will be implemented using labels and roles. We can't rely on a static or even dynamic IP range and we must use a layer of abstraction.
Checklist
Before submitting this PR, please make sure:
[x] you have added integration tests
[x] your code builds clean with make
[x] your code passes the unit tests with make test
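A policy with the three properties listed in the description could look like the manifest below. It is an added example, not the karydia-default-network-policy from this PR: the name, namespace and both cluster CIDRs are constructed sample values, and it assumes namespaces carry the automatic `kubernetes.io/metadata.name` label (Kubernetes 1.21+).

```yaml
# Added illustration, not the manifest from this PR.
# Constructed sample values: policy name, namespace, node CIDR, pod CIDR.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-egress-denylist-example   # hypothetical name
  namespace: demo                         # hypothetical namespace
spec:
  podSelector: {}            # applies to every pod in the namespace
  policyTypes:
    - Egress                 # ingress is not restricted by this policy
  egress:
    # Rule 1: open by default, minus the ranges that must stay unreachable.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 169.254.169.254/32   # metadata service on AWS, GCP and Azure
              - 100.100.100.200/32   # metadata service on Alibaba Cloud
              - 10.250.0.0/16        # constructed sample: node (host) network
              - 100.96.0.0/11        # constructed sample: pod network, see rule 2
    # Rule 2: pods in every namespace except kube-system.
    - to:
        - namespaceSelector:
            matchExpressions:
              - key: kubernetes.io/metadata.name
                operator: NotIn
                values: ["kube-system"]
    # Rule 3: kube-system is reachable for DNS only.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

The node and pod CIDRs differ per cluster, which is the static-range limitation the description mentions for host network protection.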
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
Tobias Simolik seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it.