Add Oracle Aggregator and CCIP Integration
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
55
docs/operations/status-reports/REVIEW_NETWORK_POLICIES.md
Normal file
@@ -0,0 +1,55 @@
|
||||
# Network Policies Review
|
||||
|
||||
## Overview
|
||||
|
||||
Network Policies have been created to restrict pod-to-pod communication in the besu-network namespace.
|
||||
|
||||
## Policies Created
|
||||
|
||||
### 1. default-deny-all
|
||||
- **Purpose**: Default deny all traffic
|
||||
- **Scope**: All pods in namespace
|
||||
- **Status**: ✅ Created
|
||||
|
||||
### 2. allow-validator-internal
|
||||
- **Purpose**: Allow validators to communicate with sentries and other validators
|
||||
- **Scope**: Validator pods
|
||||
- **Ports**: 30303 (TCP/UDP), 9545 (TCP)
|
||||
- **Status**: ✅ Created
|
||||
|
||||
### 3. allow-sentry-p2p
|
||||
- **Purpose**: Allow sentries to accept P2P connections
|
||||
- **Scope**: Sentry pods
|
||||
- **Ports**: 30303 (TCP/UDP), 9545 (TCP)
|
||||
- **Status**: ✅ Created
|
||||
|
||||
### 4. allow-rpc-http
|
||||
- **Purpose**: Allow RPC nodes to receive HTTP traffic from gateway
|
||||
- **Scope**: RPC pods
|
||||
- **Ports**: 8545, 8546, 9545 (TCP)
|
||||
- **Status**: ✅ Created
|
||||
|
||||
### 5. allow-gateway-external
|
||||
- **Purpose**: Allow gateway to receive external traffic and forward to RPC nodes
|
||||
- **Scope**: Gateway pods
|
||||
- **Ports**: 80, 443 (TCP)
|
||||
- **Status**: ✅ Created
|
||||
|
||||
## Validation
|
||||
|
||||
Run the validation script:
|
||||
```bash
|
||||
./scripts/validation/validate-network-policies.sh
|
||||
```
|
||||
|
||||
## Application
|
||||
|
||||
Apply Network Policies:
|
||||
```bash
|
||||
kubectl apply -f k8s/network-policies/default-deny.yaml
|
||||
```
|
||||
|
||||
## Testing
|
||||
|
||||
Test pod-to-pod communication restrictions to ensure policies are working correctly.
|
||||
|
||||
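Review bot: The "Application" section applies only `k8s/network-policies/default-deny.yaml`, while the document marks five policies as created; an operator who follows it as written ends up with default-deny-all in besu-network and none of the four allow policies. Either list the manifest for each allow policy in that section or state that the whole `k8s/network-policies/` directory is to be applied, and say in which order. Two smaller points in the same file: the "Ports" entries for policies 2, 3 and 4 all include 9545 (TCP) without saying what listens there or which source is allowed to reach it, and no entry states whether the rule is ingress, egress or both, so the review cannot be checked against the manifests. The "Testing" section names no concrete check; it should state at least one connection that must succeed and one that must be refused per policy, or point to what `validate-network-policies.sh` already covers.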