Network Policies Review
Overview
Network Policies have been created to restrict pod-to-pod communication in the besu-network namespace.
Policies Created
1. default-deny-all
- Purpose: Deny all traffic by default; only traffic matched by one of the allow policies below is permitted
- Scope: All pods in namespace
- Status: ✅ Created
2. allow-validator-internal
- Purpose: Allow validators to communicate with sentries and other validators
- Scope: Validator pods
- Ports: 30303 (TCP/UDP), 9545 (TCP)
- Status: ✅ Created
3. allow-sentry-p2p
- Purpose: Allow sentries to accept P2P connections
- Scope: Sentry pods
- Ports: 30303 (TCP/UDP), 9545 (TCP)
- Status: ✅ Created
4. allow-rpc-http
- Purpose: Allow RPC nodes to receive HTTP traffic from gateway
- Scope: RPC pods
- Ports: 8545, 8546, 9545 (TCP)
- Status: ✅ Created
5. allow-gateway-external
- Purpose: Allow gateway to receive external traffic and forward to RPC nodes
- Scope: Gateway pods
- Ports: 80, 443 (TCP)
- Status: ✅ Created
Validation
Run the validation script:
./scripts/validation/validate-network-policies.sh
Application
Apply Network Policies:
kubectl apply -f k8s/network-policies/default-deny.yaml
Testing
Test pod-to-pod communication restrictions to confirm that connections permitted by an allow policy succeed and that all other connections between pods in the namespace are blocked.