Adding network policies to enforce minimal connectivity #22

Open: wants to merge 1 commit into base: main

zivnevo (Member) commented Mar 22, 2022

Automatically generated NetworkPolicies

zivnevo (Member, Author) commented Mar 22, 2022

✅Rule no-ftp is satisfied

✅Rule no-telnet is satisfied

✅Rule no-smtp is satisfied

✅Rule no-imap is satisfied

✅Rule require-label-to-access-payments-service is satisfied

All rules are satisfied

zivnevo (Member, Author) commented Mar 22, 2022

| query | src_ns | src_pods | dst_ns | dst_pods | connection |
|---|---|---|---|---|---|
| , config: . | | | | | |
| | [default] | [app in (checkoutservice,frontend,recommendationservice)] | [default] | [productcatalogservice] | TCP 3550 |
| | [default] | [app in (checkoutservice,frontend)] | [default] | [shippingservice] | TCP 50051 |
| | [default] | [frontend] | [default] | [checkoutservice] | TCP 5050 |
| | [default] | [cartservice] | [default] | [redis-cart] | TCP 6379 |
| | [default] | [app in (checkoutservice,frontend)] | [default] | [currencyservice] | TCP 7000 |
| | [default] | [app in (checkoutservice,frontend)] | [default] | [cartservice] | TCP 7070 |
| | | ip block: 0.0.0.0/0 | [default] | [frontend] | TCP 8080 |
| | | ip block: ::/0 | [default] | [frontend] | TCP 8080 |
| | [default] | [checkoutservice] | [default] | [emailservice] | TCP 8080 |
| | [default] | [frontend] | [default] | [recommendationservice] | TCP 8080 |
| | [default] | [loadgenerator] | [default] | [frontend] | TCP 8080 |
| | [default] | [frontend] | [default] | [adservice] | TCP 9555 |

zivnevo (Member, Author) commented Mar 22, 2022

| query | src_ns | src_pods | dst_ns | dst_pods | connection |
|---|---|---|---|---|---|
| Removed connections between persistent peers | | | | | |
| | [default] | [*] | [default] | [productcatalogservice] | All but TCP 3550 |
| | [default] | [recommendationservice] | [default] | [*] | All but TCP 3550 |
| | [default] | [*] | [default] | [shippingservice] | All but TCP 50051 |
| | [default] | [*] | [default] | [checkoutservice] | All but TCP 5050 |
| | [default] | [cartservice] | [default] | [*] | All but TCP 6379 |
| | [default] | [*] | [default] | [currencyservice] | All but TCP 7000 |
| | [default] | [*] | [default] | [cartservice] | All but TCP 7070 |
| | [default] | [*] | [default] | [app in (emailservice,recommendationservice)] | All but TCP 8080 |
| | [default] | [loadgenerator] | [default] | [*] | All but TCP 8080 |
| | [default] | [*] | [default] | [adservice] | All but TCP 9555 |
| | [default] | [*] | [default] | [app in (loadgenerator,paymentservice)] | All connections |
| | [default] | [app not in (cartservice,checkoutservice,frontend,loadgenerator,recommendationservice)] | [default] | [*] | All connections |
| | [default] | [cartservice] | [default] | [app not in (cartservice,loadgenerator,paymentservice,redis-cart)] | All connections |
| | [default] | [checkoutservice] | [default] | [app in (adservice,frontend,recommendationservice,redis-cart)] | All connections |
| | [default] | [frontend] | [default] | [app in (emailservice,redis-cart)] | All connections |
| | [default] | [loadgenerator] | [default] | [app not in (frontend,loadgenerator,paymentservice)] | All connections |
| | [default] | [recommendationservice] | [default] | [app not in (loadgenerator,paymentservice,productcatalogservice,recommendationservice)] | All connections |
| Removed connections between persistent peers and ipBlocks | | | | | |
| | | ip block: 0.0.0.0/0 | [default] | [*] | All but TCP 8080 |
| | | ip block: ::/0 | [default] | [*] | All but TCP 8080 |
| | | ip block: 0.0.0.0/0 | [default] | [app not in (frontend)] | All connections |
| | | ip block: ::/0 | [default] | [app not in (frontend)] | All connections |
| | [default] | [*] | | ip block: 0.0.0.0/0 | All connections |
| | [default] | [*] | | ip block: ::/0 | All connections |
