Open ThormaehlenFred opened 4 years ago
Does this REST based API already exist or does it need to be designed? If it exists, it would be good to see documentation with the endpoints, the input/output formats, authentication, whether there is pagination.
Possible list of tasks:
The authentication information should be stored in the secure store.
Hello @alban there might be two parts:
Description
Filter for in- and outgoing network traffic as configurable Karydia feature
User Story
As Kubernetes cluster owner I want to prevent applications and users from reaching remote hosts or from being reached by remote hosts in order to mitigating DDoS attacks, avoiding SPAM, blocking access to or from services for specific geographic regions and so on.
Implementation Idea
This kind of filtering is discussed in the Kubernetes community already in recent blog postings (see Performance Benchmark Analysis of Egress Filtering on Linux and BPF Isn't Just About Speed. The idea is that one or more Reputation Block Lists are received via HTTPS and a REST based API and are transformed in Cilium or other technology based network filters.