Infra Task
Resolution: Merged
Should have
None
Currently, pods are not constrained in any way; they can communicate with any other pod in any other namespace.
We should limit pods where possible, e.g. redis pods only need to communicate with the openresty and php containers of their specific deployment.
PHP pods only need to communicate with openresty, redis, elasticsearch etc.
https://sysdig.com/blog/kubernetes-security-psp-network-policy/
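
A sketch of the redis restriction described above, as an added example that is not part of the original ticket or the project's manifests. The namespace, policy names and the `app`/`release` labels are assumptions, 6379 is the default redis port, and the policies only take effect when the cluster's network plugin enforces NetworkPolicy.

```yaml
# Added example: namespace, names and labels below are assumptions.
# 1) Default deny: no ingress rules are listed, so every pod in the
#    namespace rejects inbound traffic unless another policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: example-deployment
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# 2) Redis accepts connections only from the php and openresty pods of
#    the same deployment. A podSelector without a namespaceSelector
#    matches pods in this policy's own namespace only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: redis-allow-php-openresty
  namespace: example-deployment
spec:
  podSelector:
    matchLabels:
      app: redis
      release: example-deployment
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: php
              release: example-deployment
        - podSelector:
            matchLabels:
              app: openresty
              release: example-deployment
      ports:
        - protocol: TCP
          port: 6379
```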