Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[conn-list] policies external ip-blocks issues #456

Open
adisos opened this issue Dec 1, 2024 · 1 comment
Open

[conn-list] policies external ip-blocks issues #456

adisos opened this issue Dec 1, 2024 · 1 comment
Assignees
@shireenf-ibm

Comments

@adisos
Copy link
Collaborator

adisos commented Dec 1, 2024

  • In current analysis, assuming that IP-blocks used in network policies only represent connectivity to entities outside the cluster, not in-cluster workloads.
  • However, Pods with IP addresses which are contained in IP CIDR blocks from policies manifests, are also impacted by those policies.
  • Can the analysis be refined to consider Pod network IP address range / Pods addresses when available?
@adisos adisos changed the title policies external ip-blocks issues [conn-list] policies external ip-blocks issues Jan 27, 2025
@adisos
Copy link
Collaborator Author

adisos commented Jan 27, 2025

for entire ip range cases (0.0.0.0/0), should consider pods as included in those ranges.

see for example:
tests/exposure_test_with_anp_13/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shireenf-ibm shireenf-ibm

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@adisos @shireenf-ibm