Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KG 0.35 - Need to isolate pods from network sans their open ports. #16

Open
NotChristianGarcia opened this issue Jun 17, 2022 · 1 comment
Assignees
Labels
enhancement New feature or request

Comments

@NotChristianGarcia
Copy link
Member

Currently I believe arbitrary code can do basically anything to our cluster. Isolation via namespace does work, but in that case we need to move spawner into it's own namespace (pods can still talk to each other though).

Note: This is also important for Abaco.

@NotChristianGarcia NotChristianGarcia added the enhancement New feature or request label Jun 17, 2022
@NotChristianGarcia NotChristianGarcia self-assigned this Jun 17, 2022
@NotChristianGarcia NotChristianGarcia changed the title KG .35 - Need to isolate pods from network sans their open ports. KG 0.35 - Need to isolate pods from network sans their open ports. Jun 17, 2022
@NotChristianGarcia
Copy link
Member Author

NotChristianGarcia commented Jun 17, 2022

There's a network plugin that might be useful? (requires a plugin though)
https://www.qovery.com/blog/basic-network-isolation-in-kubernetes

Also mention of a networking sidecar, that could be useful instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

1 participant