Adding network policies to enforce minimal connectivity #46

Closed
wants to merge 1 commit into from


@zivnevo zivnevo commented Jan 4, 2022

Automatically generated NetworkPolicies

github-actions bot commented Jan 4, 2022

|query|src_ns|src_pods|dst_ns|dst_pods|connection|
|---|---|---|---|---|---|
||[default]|[app in (checkoutservice,frontend,recommendationservice)]|[default]|[productcatalogservice]|TCP 3550,|
||[default]|[app in (checkoutservice,frontend)]|[default]|[shippingservice]|TCP 50051,|
||[default]|[checkoutservice]|[default]|[paymentservice]|TCP 50051,|
||[default]|[frontend]|[default]|[checkoutservice]|TCP 5050,|
||[default]|[cartservice]|[default]|[redis-cart]|TCP 6379,|
||[default]|[app in (checkoutservice,frontend)]|[default]|[currencyservice]|TCP 7000,|
||[default]|[app in (checkoutservice,frontend)]|[default]|[cartservice]|TCP 7070,|
|||ip block: 0.0.0.0/0|[default]|[frontend]|TCP 8080,|
||[default]|[checkoutservice]|[default]|[emailservice]|TCP 8080,|
||[default]|[frontend]|[default]|[recommendationservice]|TCP 8080,|
||[default]|[loadgenerator]|[default]|[frontend]|TCP 8080,|
||[default]|[frontend]|[default]|[adservice]|TCP 9555,|

github-actions bot commented Jan 4, 2022

|query|src_ns|src_pods|dst_ns|dst_pods|connection|
|---|---|---|---|---|---|
|Removed connections between persistent peers||||||
||[default]|[*]|[default]|[productcatalogservice]|All but TCP 3550,|
||[default]|[recommendationservice]|[default]|[*]|All but TCP 3550,|
||[default]|[*]|[default]|[app in (paymentservice,shippingservice)]|All but TCP 50051,|
||[default]|[*]|[default]|[checkoutservice]|All but TCP 5050,|
||[default]|[cartservice]|[default]|[*]|All but TCP 6379,|
||[default]|[*]|[default]|[currencyservice]|All but TCP 7000,|
||[default]|[*]|[default]|[cartservice]|All but TCP 7070,|
||[default]|[*]|[default]|[app in (emailservice,recommendationservice)]|All but TCP 8080,|
||[default]|[loadgenerator]|[default]|[*]|All but TCP 8080,|
||[default]|[*]|[default]|[adservice]|All but TCP 9555,|
||[default]|[*]|[default]|[loadgenerator]|All connections|
||[default]|[app not in (cartservice,checkoutservice,frontend,loadgenerator,recommendationservice)]|[default]|[*]|All connections|
||[default]|[cartservice]|[default]|[app not in (cartservice,loadgenerator,redis-cart)]|All connections|
||[default]|[checkoutservice]|[default]|[app in (adservice,frontend,recommendationservice,redis-cart)]|All connections|
||[default]|[frontend]|[default]|[app in (emailservice,paymentservice,redis-cart)]|All connections|
||[default]|[loadgenerator]|[default]|[app not in (frontend,loadgenerator)]|All connections|
||[default]|[recommendationservice]|[default]|[app not in (loadgenerator,productcatalogservice,recommendationservice)]|All connections|
|Removed connections between persistent peers and ipBlocks||||||
|||ip block: 0.0.0.0/0|[default]|[*]|All but TCP 8080,|
|||ip block: 0.0.0.0/0|[default]|[app not in (frontend)]|All connections|
||[default]|[*]||ip block: 0.0.0.0/0|All connections|

github-actions bot commented Jan 4, 2022

❌Rule require-label-to-access-payments-service is violated

Details

/github/workspace/. does not forbid connections specified in /tmp/require-label-to-access-payments-service.yaml:

Both /tmp/require-label-to-access-payments-service.yaml and /github/workspace/. allow the following connection from default/checkoutservice-1 to default/paymentservice-1

Protocol: TCP, 50051

✅Rule no-ftp is satisfied

✅Rule no-telnet is satisfied

✅Rule no-smtp is satisfied

✅Rule no-imap is satisfied

1 rule (out of 5) is violated

github-actions bot commented Jan 4, 2022

connectivity-graph

@zivnevo zivnevo closed this Jan 20, 2022
@zivnevo zivnevo deleted the set_netpols_1641304913 branch January 20, 2022 13:55