Objective:
To validate the enforcement of ingress and egress network policies for pods in the Kubernetes environment.
Preconditions:
NebulOuS core is running.
Kubernetes cluster with network policies is integrated with NebulOuS.
Steps:
Action:
Define and apply an ingress network policy for a pod (e.g., nginx-pod) that allows traffic only from a certain namespace (e.g., internal) on a specific port (e.g., 80).
Expected result:
The ingress policy is successfully applied. nginx-pod should only accept traffic on port 80 from pods within the internal namespace.
Action:
Test the ingress policy by sending traffic to nginx-pod from a pod within the internal namespace and then from a pod outside this namespace.
Expected result:
Traffic from the pod within the internal namespace reaches nginx-pod. Traffic from the pod outside the internal namespace is blocked, and an attempt is logged.
Action:
Define and apply an egress network policy for another pod (e.g., backend-pod) that restricts outbound traffic to a specific external IP address range.
Expected result:
The egress policy is successfully applied. backend-pod can only initiate outbound traffic to the specified IP address range.
Action:
Test the egress policy by attempting to connect from backend-pod to an allowed external IP address and then to a disallowed IP address.
Expected result:
Connections to the allowed IP address are successful.
Attempts to connect to disallowed IP addresses are blocked and logged.
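The two NetworkPolicy objects the steps above describe, as an added example that is not part of the original test case. It assumes both pods live in a namespace named `app`, carry the labels `app: nginx` and `app: backend`, the cluster runs Kubernetes 1.21 or later (so every namespace carries the `kubernetes.io/metadata.name` label), and `203.0.113.0/24` stands in for the real allowed external range.

```yaml
# Added example, not the project's own manifests. Pod labels, the "app"
# namespace and the CIDR 203.0.113.0/24 (a placeholder range) are assumptions.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: nginx-pod-ingress
  namespace: app              # assumed namespace of nginx-pod
spec:
  podSelector:
    matchLabels:
      app: nginx              # assumed label on nginx-pod
  policyTypes:
    - Ingress                 # only ingress is restricted; egress stays open
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: internal
      ports:
        - protocol: TCP
          port: 80            # anything else (other ports, other namespaces) is dropped
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-pod-egress
  namespace: app              # assumed namespace of backend-pod
spec:
  podSelector:
    matchLabels:
      app: backend            # assumed label on backend-pod
  policyTypes:
    - Egress                  # listing Egress denies all egress not matched below
  egress:
    - to:
        - ipBlock:
            cidr: 203.0.113.0/24   # placeholder for the allowed external range
    - to:                     # extra rule: allow DNS so name resolution keeps working
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

The DNS rule goes beyond the egress step as written; without it backend-pod can still reach the allowed range by IP but cannot resolve hostnames. Dropped-connection logging is not part of the NetworkPolicy API itself but of the CNI plugin enforcing it (Calico and Cilium, for example, can log denied flows), so confirm the cluster's CNI supports it before relying on the logged-attempt expected results.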