SAP-archive / karydia

Kubernetes Security Walnut

Deny Cluster Egress Traffic by Default #31

Closed marwinski closed 4 years ago

marwinski commented 5 years ago

The goal of several common attacks on infrastructure providers is bitcoin mining and sending spam mail. For both scenarios, egress traffic is required.

The idea is to add a network policy to explicitly deny egress traffic for deployed pods (cluster-internal traffic is OK). Most pods do not need to talk to resources on the internet anyway.

This limitation could be lifted with a simple label: allowEgress: "true". In addition, this could be set on the namespace to have it configured for all pods.
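The following manifest is an added example of what the proposed policy looks like in plain Kubernetes NetworkPolicy terms; it is not code from the karydia project or from the issue author. It assumes a namespace called `example`, a CNI plugin that enforces NetworkPolicy, and that the `allowEgress` label is applied to pods exactly as spelled in the comment above. The policy selects every pod that does not carry `allowEgress: "true"`, restricts it to Egress only, and then permits traffic to pods in any namespace (cluster-internal traffic, including DNS served by in-cluster pods) while anything outside the cluster is dropped because no rule matches it.

```yaml
# Added example (not part of the karydia project): default-deny egress
# for pods in one namespace, with an opt-out via the label allowEgress: "true".
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress
  namespace: example            # assumed namespace for the example
spec:
  # Target every pod in the namespace EXCEPT those labelled allowEgress: "true".
  # Pods carrying that label are not selected, so no egress rule applies to them
  # and they keep unrestricted egress.
  podSelector:
    matchExpressions:
      - key: allowEgress
        operator: NotIn
        values: ["true"]
  # Only egress is governed here; ingress behaviour is left untouched.
  policyTypes:
    - Egress
  egress:
    # Permit traffic to any pod in any namespace. An empty namespaceSelector
    # matches all namespaces, so cluster-internal traffic (including DNS
    # answered by in-cluster pods such as kube-dns/CoreDNS) keeps working.
    # Destinations outside the cluster match no rule and are denied.
    - to:
        - namespaceSelector: {}
```

Two practical caveats when applying this. First, endpoints that are not pod IPs (the API server's endpoint, node IPs, or host-network services) are not covered by `namespaceSelector: {}`; if workloads need them, add an explicit `ipBlock` rule for those addresses rather than widening the policy. Second, the namespace-level variant from the comment cannot be expressed inside a single NetworkPolicy, because `podSelector` cannot consult namespace labels; in practice it means a controller (the role karydia plays) installs this policy in every namespace except those labelled `allowEgress: "true"`. To confirm the policy is enforced, exec into an unlabelled pod and attempt a connection to an external address; with a working CNI it should time out, while a request to an in-cluster service still succeeds.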

Neumann-Nils commented 4 years ago

Closed in favor of #46, as it describes the problem from a broader point of view.