jayunit100 / network-policy-subproject

A starter repo to donate to Kubernetes-sigs so the community can own and iterate on stories over time, with issue tracking, as we close out the policy++ wg
13 stars 12 forks source link

discuss the validity of the chokepoint story #14

Closed jayunit100 closed 4 years ago

jayunit100 commented 4 years ago
I want to administratively put a choke point between pods
 that arent in the same app so i can audit cross-app 
dependencies and implement ingress controls 
by default in my cluster.
jayunit100 commented 4 years ago

How is this different than this namespaceSelector option ?

jayunit100 commented 4 years ago

I think the difference here is that we are directing traffic through a proxy, so, although a namespace selector around all pods in a namespace can create a security boundary,

jayunit100 commented 4 years ago

I think we can close this, updated to note this workaround. reopen this issue if we have more to discuss around it.