Measures

NetworkPolicies

We recommend creating a cluster-wide NetworkPolicy with the DenyAll rule:

  apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: deny-all
    namespace: default ### should be created for all namespaces!
  spec:
    podSelector: {}
    policyTypes:
    - Ingress
    - Egress

and then allow all allowed communications between the pods again with additional NetworkPolicies. We also recommend that at least one person is responsible for the network policies.

Included in the following risks

Any Questions?

Please feel free to contact us for any question that is not answered yet. 

We are looking forward to get in contact with you!

Design Escapes

KubeOps GmbH
Hinter Stöck 17
72406 Bisingen
Germany

  • Telefon:

    +49 7433 93724 90

  • Mail:

    This email address is being protected from spambots. You need JavaScript enabled to view it.

Legal
Download Area
Certified as

KubeOps GmbH is the owner of the Union trademark KubeOps with the registration number 018305184. 

© KubeOps GmbH. All rights reserved. Subsidiary of