jayunit100 / network-policy-subproject

A starter repo to donate to Kubernetes-sigs so the community can own and iterate on stories over time, with issue tracking, as we close out the policy++ wg

make 'pods blocked by from internet' low priority or out of scope or both #13

Closed jayunit100 closed 4 years ago

jayunit100 commented 4 years ago
- I want all pods to be blocked from accessing the internet.
I want all pods to be blocked from accessing the internet by default, but developers can add policies declaring what sites they need access to. The sites will be reachable, but if hackers break into the pod they can’t reach anywhere else besides those sites, except they can’t access 192.168.0.0/16 even if they declare it.

jayunit100 commented 4 years ago

Per Chris: For the first part - would blocking access to anything not declared in a CIDR egress policy not suffice?

This can easily be done with CIDR egress.

jayunit100 commented 4 years ago

I think the user story implies that it should be easy to do this w/o CIDR ranges, so I updated that.
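
A lint for the restriction in the user story (192.168.0.0/16 unreachable even if a policy declares it), added here as an example and not part of the original thread or the repo: it expands each egress `ipBlock` of a NetworkPolicy (`cidr` minus `except`) and reports rules that still reach that range. The function names, the sample policy names and the 203.0.113.0/24 "site" range are assumptions made for illustration.

```python
import ipaddress

# Range the user story says must stay unreachable even if a policy declares it.
FORBIDDEN = ipaddress.ip_network("192.168.0.0/16")

def allowed_networks(ip_block):
    """Expand one ipBlock (cidr minus its except list) into the networks it allows."""
    allowed = [ipaddress.ip_network(ip_block["cidr"])]
    for exc in ip_block.get("except", []):
        exc_net = ipaddress.ip_network(exc)
        remaining = []
        for net in allowed:
            if net.version != exc_net.version or not net.overlaps(exc_net):
                remaining.append(net)  # untouched by this exception
            elif not net.subnet_of(exc_net):
                remaining.extend(net.address_exclude(exc_net))  # carve it out
        allowed = remaining  # networks wholly inside the exception were dropped
    return allowed

def forbidden_egress(policy, forbidden=FORBIDDEN):
    """Return (rule index, destination) pairs whose ipBlock egress reaches the forbidden range."""
    hits = []
    for i, rule in enumerate(policy.get("spec", {}).get("egress", [])):
        peers = rule.get("to")
        if not peers:  # a rule without "to" matches every destination
            hits.append((i, "all destinations"))
        for block in (p["ipBlock"] for p in (peers or []) if "ipBlock" in p):
            for net in allowed_networks(block):
                if net.version == forbidden.version and net.overlaps(forbidden):
                    hits.append((i, str(net)))
    return hits

def make_policy(name, *ip_blocks):
    """Build a constructed NetworkPolicy manifest (as a dict) for the samples below."""
    egress = [{"to": [{"ipBlock": b} for b in ip_blocks]}] if ip_blocks else []
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy", "metadata": {"name": name},
            "spec": {"podSelector": {}, "policyTypes": ["Egress"], "egress": egress}}

# Constructed samples: default deny, a declared site range, and two that leak.
SAMPLES = [
    make_policy("default-deny-egress"),
    make_policy("allow-site", {"cidr": "203.0.113.0/24"}),
    make_policy("internet-minus-private", {"cidr": "0.0.0.0/0", "except": ["192.168.0.0/16"]}),
    make_policy("declares-private", {"cidr": "192.168.10.0/24"}),
    make_policy("partial-except", {"cidr": "192.0.0.0/8", "except": ["192.168.0.0/17"]}),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p["metadata"]["name"], forbidden_egress(p) or "ok")
```

Pod and namespace selector peers are not evaluated by this check, and NetworkPolicy allow rules are additive, so a check like this has to run over every policy that selects a pod.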