Update page for in-cluster network communication #786

OlleLarsson · 2024-02-08T13:35:47Z

Describe the bug

We should update this page (?) with information about a list of weaknesses such as the cross-namespace forwarding exploit.

Screenshots

Additional context

OlleLarsson · 2024-02-08T13:36:52Z

@cristiklein please add more as I didn't quite catch what more we wanted to add to the page 😅

cristiklein · 2024-02-09T11:19:47Z

@OlleLarsson A few more details:

Currently, the Network Model page condenses too many networking topics. I'm listing them from "inside to outside":

How does Pod-to-Pod communication work inside the Workload Cluster?
How to enforce network separation via NetworkPolicies?
How does Service Discovery (i.e., DNS via Kubernetes Services) work inside the Workload Cluster?
How to expose Pods outside the Workload Cluster (Ingress)?
How to configure DNS when exposing Pods outside?
How to add rate-limiting to Ingresses?
How to add TLS encryption to Ingresses?

I believe that Application Developers would benefit from separating these topics on at least two pages. I propose 1-3 "inside" and 4-7 "outside".

The cross-namespace exploit topic fits perfectly in 2.

OlleLarsson added the documentation Improvements or additions to documentation label Feb 8, 2024

OlleLarsson assigned OlleLarsson and unassigned OlleLarsson Feb 12, 2024

cristiklein mentioned this issue Apr 26, 2024

Update process for using own issuer #847

Open

Provide feedback