- Limit pod communication to just inside the same namespace
- Permit DNS resolution
- Permit HTTP and HTTPS for nodes bootstrap (at least we can install packages for debug if required)
Network policies were tested in Kubernetes and they work as expected and look like the following:
```
k describe networkpolicy isolate-policy -n ct-00010
Name:         isolate-policy
Namespace:    ct-00010
Created on:   2023-05-30 20:53:27 +0300 EEST
Labels:       <none>
Annotations:  <none>
Spec:
  PodSelector:     <none> (Allowing the specific traffic to all pods in this namespace)
  Allowing ingress traffic:
    To Port: <any> (traffic allowed to all ports)
    From:
      PodSelector: <none>
  Allowing egress traffic:
    To Port: <any> (traffic allowed to all ports)
    To:
      PodSelector: <none>
    ----------
    To Port: 53/UDP
    To:
      NamespaceSelector: kubernetes.io/metadata.name=kube-system
    To:
      PodSelector: k8s-app=kube-dns
    ----------
    To Port: 80/TCP
    To Port: 443/TCP
    To:
      IPBlock:
          CIDR: 0.0.0.0/0
          Except:
  Policy Types: Ingress, Egress
```
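For reference, the manifest below is an added example that reconstructs the policy from the `kubectl describe` output above; it is not the manifest from this PR, and the namespace `ct-00010` is simply the one shown in that output. The comments spell out what each rule does and where the rule set is looser than the three bullet points suggest.

```yaml
# Added example: NetworkPolicy reconstructed from the describe output above.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: isolate-policy
  namespace: ct-00010            # namespace taken from the describe output
spec:
  # Empty podSelector: the policy applies to every pod in the namespace.
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Ingress only from pods in the same namespace. An empty podSelector peer
    # selects all pods in the policy's own namespace; traffic from other
    # namespaces or from outside the cluster matches no rule and is dropped.
    - from:
        - podSelector: {}
  egress:
    # Egress to pods in the same namespace, any port.
    - to:
        - podSelector: {}
    # DNS on 53/UDP. The describe output lists two separate peers, which are
    # OR-ed: any pod in kube-system, or any pod labelled k8s-app=kube-dns in
    # this namespace. To allow only the kube-dns pods in kube-system, put
    # both selectors in ONE peer (AND), i.e. drop the second "- " marker:
    #   - namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: kube-system}}
    #     podSelector: {matchLabels: {k8s-app: kube-dns}}
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
        - podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
    # HTTP/HTTPS to anywhere, so nodes can install packages while bootstrapping.
    # 0.0.0.0/0 with an empty "except" list also covers cluster-internal
    # addresses; add the pod and service CIDRs under "except" to keep
    # 80/443 egress strictly external.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
      ports:
        - protocol: TCP
          port: 80
        - protocol: TCP
          port: 443
```

Apply it with `kubectl apply -f isolate-policy.yaml` and confirm with the same `kubectl describe` command; note that NetworkPolicy objects are only enforced when the cluster's CNI plugin implements them, so a cluster without such a plugin accepts the object but does not isolate anything.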
This PR closes #12
Proposed changes are based on Network isolation during tests execution #11
Also, as we have Docker auto-builds for nim-codex now, we can use them for tests as well.