[NPM] default deny all and yet have DNS resolution #450

@ferantivero


Is this a request for help?:

Yes


Is this an ISSUE or FEATURE REQUEST? (choose one):

No


Which release version?:

1.27 or later


Which component (CNI/IPAM/CNM/CNS):

NPM


Which Operating System (Linux/Windows):

Linux


For Linux: Include Distro and kernel version using "uname -a"


For windows: provide output of "$(Get-ItemProperty -Path "C:\windows\system32\hal.dll").VersionInfo.FileVersion"


Which Orchestrator and version (e.g. Kubernetes, Docker)

Kubernetes (AKS)


What happened:

Just trying to understand whether the following code is appending by default access to kube-system (I'm particularly interested in CoreDNS): 36f188c#diff-60fb2faa40c1933d596fafaa23977f04R102-R126


What you expected to happen:

If the above assumption is correct, I'd have expected this not to happen and to be blocked from accessing CoreDNS.


How to reproduce it (as minimally and precisely as possible):

Create a basic AKS with azure plugin + azure policy and create a default-deny-all rule. You should not be able to access CoreDNS.


Anything else we need to know:

Is this officially documented?

