Open NotChristianGarcia opened 2 years ago
There's a network plugin that might be useful? (requires a plugin though) https://www.qovery.com/blog/basic-network-isolation-in-kubernetes
Also mention of a networking sidecar, that could be useful instead.
Currently I believe arbitrary code can do basically anything to our cluster. Isolation via namespace does work, but in that case we need to move spawner into it's own namespace (pods can still talk to each other though).
Note: This is also important for Abaco.