Add NetworkPolicy to separate user functions #108

alexellis · 2018-08-23T09:21:20Z

We need a NetworkPolicy which does the following:

Prevent functions calling system services - block (openfaas-fn) -> (openfaas)
Prevent functions calling other functions - block (openfaas-fn) -> (openfaas-fn)
Allow OpenFaaS Cloud "system" functions to do the above. Use a label to decide which functions belong to this group.

In addition we will have to prevent users from adding this "system" or "openfaas" label to their functions in the buildshiprun function.

Testing:

Show above conditions are satisfied in a deployment on Kubernetes.

Changes should be made to / added to the Kubernetes YAML files in ./yaml/ and documented in the docs/README.md file.

The text was updated successfully, but these errors were encountered:

alexellis · 2018-08-23T09:26:36Z

I closed the original issue from April since this has more detail.

bartsmykla · 2018-09-03T06:52:42Z

Derek assign: me

alexellis added priority/high skill/intermediate area/security labels Aug 23, 2018

alexellis mentioned this issue Aug 23, 2018

Apply Kubernetes NetworkPolicy to prevent accessing other functions #3

Closed

derek bot assigned bartsmykla Sep 3, 2018

bartsmykla mentioned this issue Sep 4, 2018

Created network policies for OpenFaaS Cloud #128

Merged

4 tasks

alexellis closed this as completed in #128 Sep 7, 2018

Provide feedback