Level 1 Network Policy / karydia-default-network-policy added security for the following aspects:
- block access to host network (static AWS)
- block access to metadata services (AWS = GCP = Azure = Ali Cloud)
- block access to kube-system namespace by allowing only necessary DNS traffic
We decided to be quite open (blacklist) because we weren't able to define all necessary network traffic.
Please note: In the next "Network Policy" version, the protection of host network will be implemented using labels and roles. We can't rely on a static or even dynamic IP range and we must use a layer of abstraction.
Checklist
Before submitting this PR, please make sure:
- [x] you have added integration tests
- [x] your code builds clean with `make`
- [x] your code passes the unit tests with `make test`
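For readers who want to see how the three protections listed in the description fit into a single Kubernetes NetworkPolicy, the manifest below is an added example written for this page; it is not the karydia project's own policy and was not part of the PR. The metadata address 169.254.169.254/32 is the endpoint shared by AWS, GCP, Azure and Alibaba Cloud; the host and pod CIDRs, the exact policy shape and the reliance on the `kubernetes.io/metadata.name` namespace label (set automatically by Kubernetes 1.21 and later) are assumptions.

```yaml
# Added example, not karydia's own manifest: a "blacklist"-style egress policy
# that reproduces the three aspects named in the PR description.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: karydia-default-network-policy   # name from the description; contents are an assumption
spec:
  podSelector: {}            # applies to every pod in the namespace the policy lives in
  policyTypes:
    - Egress
  egress:
    # 1. Allow everything outside the cluster, minus the metadata endpoint and the
    #    host (node) network. The pod CIDR is excluded as well so that in-cluster
    #    traffic is decided solely by the selector-based rules that follow.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 169.254.169.254/32   # cloud metadata service (AWS, GCP, Azure, Alibaba Cloud)
              - 10.250.0.0/16        # ASSUMPTION: static host/node network range
              - 100.96.0.0/11        # ASSUMPTION: pod network range
    # 2. Allow pod-to-pod traffic into every namespace except kube-system.
    #    ASSUMPTION: namespaces carry the kubernetes.io/metadata.name label.
    - to:
        - namespaceSelector:
            matchExpressions:
              - key: kubernetes.io/metadata.name
                operator: NotIn
                values:
                  - kube-system
    # 3. Into kube-system, allow only DNS (CoreDNS/kube-dns on port 53).
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

Two caveats a practitioner would check before relying on this. First, a NetworkPolicy is only enforced when the cluster's CNI plugin implements it; on a CNI without policy support the object is accepted and silently ignored, so verify from inside a pod that `wget -T 3 http://169.254.169.254/` times out while `nslookup kubernetes.default` still resolves. Second, the host-network protection here hinges on a hard-coded node CIDR, which is exactly the weakness the description flags: if nodes are added from another range, or the range is guessed wrong, hostNetwork pods and node services become reachable again, which is why a label- or role-based abstraction is the better long-term design.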