
networkPolicy.kubeAPIServerPorts add similar for CIDR

Open pfrydids opened this issue 4 months ago • 1 comments

Name and Version

bitnami/rabbitmq 15.03

What is the problem this feature will solve?

The configurability of k8s API ports only goes so far, or at least is missing an opportunity to further narrow the allowed egress to the k8s API, since it allows all egress on these ports.

What is the feature you are proposing to solve the problem?

Allow an optional chart parameter that further restricts the k8s egress to a given CIDR(s).

Many cloud providers allow API access to be from within a virtual private network (without going out to the internet) and the CIDR range of that virtual network is well known.

Something similar is true for self-hosted clusters.

Though not solely the CIDR of the k8s API, it is better than having no restriction at all, and for most scenarios it can mean that access is not allowed out to the internet on the networkPolicy.kubeAPIServerPorts value.

So the new parameter would be:

networkPolicy.kubeAPIServerCIDRs or networkPolicy.kubeAPIServerCIDR

What alternatives have you considered?

Possibly defining the network policy outside of the chart or as a custom network policy, but this is a brittle solution.

pfrydids, Oct 15 '24 15:10
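The difference the issue asks for, shown as an added example with two hand-written NetworkPolicy manifests (these are not rendered from the bitnami/rabbitmq chart and are not the project's code). The policy names, pod label, port numbers and CIDR are constructed sample values; the second manifest shows what a value such as the proposed networkPolicy.kubeAPIServerCIDRs would need to produce.

```yaml
# Constructed manifests for illustration only.
# DNS and other egress rules are omitted to keep the focus on the API server rule.
---
# Before: port-only egress rule. With no `to` block, every destination
# is allowed on these ports, including hosts on the internet.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: rabbitmq-egress-ports-only        # hypothetical name
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: rabbitmq    # assumed pod label
  policyTypes:
    - Egress
  egress:
    - ports:                              # sample API server ports
        - protocol: TCP
          port: 443
        - protocol: TCP
          port: 6443
---
# After: the same ports, but only towards the network that hosts the API server.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: rabbitmq-egress-ports-and-cidr    # hypothetical name
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: rabbitmq    # assumed pod label
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 10.0.0.0/28             # placeholder: the cluster's private API CIDR
      ports:                              # `to` and `ports` in one rule are ANDed
        - protocol: TCP
          port: 443
        - protocol: TCP
          port: 6443
```

NetworkPolicies that select the same pods are additive, so a second policy cannot narrow the port-only rule; the rule that lists the ports has to carry the `to` block itself.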