compliantkubernetes

Update page for in-cluster network communication

Open OlleLarsson opened this issue 1 year ago • 2 comments

Describe the bug

We should update this page (?) with information about a list of weaknesses such as the cross-namespace forwarding exploit.

Screenshots

Additional context

OlleLarsson, Feb 08 '24 13:02

@cristiklein please add more as I didn't quite catch what more we wanted to add to the page 😅

OlleLarsson, Feb 08 '24 13:02

@OlleLarsson A few more details:

Currently, the Network Model page condenses too many networking topics. I'm listing them from "inside to outside":

  1. How does Pod-to-Pod communication work inside the Workload Cluster?
  2. How to enforce network separation via NetworkPolicies?
  3. How does Service Discovery (i.e., DNS via Kubernetes Services) work inside the Workload Cluster?
  4. How to expose Pods outside the Workload Cluster (Ingress)?
  5. How to configure DNS when exposing Pods outside?
  6. How to add rate-limiting to Ingresses?
  7. How to add TLS encryption to Ingresses?

I believe that Application Developers would benefit from separating these topics on at least two pages. I propose 1-3 "inside" and 4-7 "outside".

The cross-namespace exploit topic fits perfectly in 2.

cristiklein, Feb 09 '24 11:02