
feat: NetworkPolicy resources for Server and CA pods #50

@mathildabot

Summary

Create NetworkPolicy resources to restrict traffic to/from Server and CA pods.

Rules

  • CA pods: only accept connections from Server pods and agents on port 8140
  • Server pods: only accept connections from agents on port 8140, allow outgoing to PuppetDB
  • Operator: restrict to Kubernetes API server communication only

CRD Addition (Config)

spec:
  networkPolicy:
    enabled: true
    allowPuppetDBEgress: true
    additionalIngress: []
    additionalEgress: []

Refs #34
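
The CA and Server rules above, written out as plain NetworkPolicy manifests. This is an added example, not output of the operator or code from this repository. Assumed here: the `puppet` namespace, the `app.kubernetes.io/component` labels, the policy names, the agent CIDR `10.20.0.0/16`, PuppetDB running in the same namespace on port 8081, and the extra Server egress rules for the CA and DNS.

```yaml
# Added example: labels, namespace, names, CIDR and ports are assumptions.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ca-ingress                 # hypothetical name
  namespace: puppet                # hypothetical namespace
spec:
  podSelector:
    matchLabels: {app.kubernetes.io/component: ca}      # hypothetical label
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels: {app.kubernetes.io/component: server}
        - ipBlock: {cidr: 10.20.0.0/16}                 # constructed agent network
      ports:
        - {protocol: TCP, port: 8140}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: server-ingress-egress      # hypothetical name
  namespace: puppet
spec:
  podSelector:
    matchLabels: {app.kubernetes.io/component: server}
  policyTypes: [Ingress, Egress]   # listing Egress makes egress default-deny
  ingress:
    - from:
        - ipBlock: {cidr: 10.20.0.0/16}
      ports:
        - {protocol: TCP, port: 8140}
  egress:
    - to:                          # corresponds to allowPuppetDBEgress: true
        - podSelector:
            matchLabels: {app.kubernetes.io/component: puppetdb}
      ports:
        - {protocol: TCP, port: 8081}   # assumed PuppetDB TLS port
    - to:                          # assumption: Server must still reach the CA
        - podSelector:
            matchLabels: {app.kubernetes.io/component: ca}
      ports:
        - {protocol: TCP, port: 8140}
    - ports:                       # assumption: DNS, or service names stop resolving
        - {protocol: UDP, port: 53}
        - {protocol: TCP, port: 53}
```

These policies only take effect on a CNI plugin that enforces NetworkPolicy, and an `ipBlock` match for agents depends on the pod seeing the original client address, which source NAT at the load balancer or node can hide.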

Labels: security (Security hardening)
