[TC_35] Enforcement of Ingress and Egress Network Policies in Kubernetes
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
NebulOuS | New | Undecided | Unassigned |
Bug Description
Objective:
To validate the enforcement of ingress and egress network policies for pods in the Kubernetes environment.
Preconditions:
1. NebulOuS core is running.
2. Kubernetes cluster with network policies is integrated with NebulOuS.
Steps:
Step 1.
- Action: Define and apply an ingress network policy for a pod (e.g., nginx-pod) that allows traffic only from a certain namespace (e.g., internal) on a specific port (e.g., 80).
- Expected result: The ingress policy is successfully applied. nginx-pod should only accept traffic on port 80 from pods within the internal namespace.
Step 2.
- Action: Test the ingress policy by sending traffic to nginx-pod from a pod within the internal namespace and then from a pod outside this namespace.
- Expected result: Traffic from the pod within the internal namespace reaches nginx-pod. Traffic from the pod outside the internal namespace is blocked, and an attempt is logged.
Step 3.
- Action: Define and apply an egress network policy for another pod (e.g., backend-pod) that restricts outbound traffic to a specific external IP address range.
- Expected result: The egress policy is successfully applied. backend-pod can only initiate outbound traffic to the specified IP address range.
Step 4.
- Action: Test the egress policy by attempting to connect from backend-pod to an allowed external IP address and then to a disallowed IP address.
- Expected result: Connections to the allowed IP address are successful. Attempts to connect to disallowed IP addresses are blocked and logged.
tags: added: test-case-r.1.0
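
Manifests matching Steps 1 and 3, as an added example that is not part of the original test case or the NebulOuS project. The `default` namespace, the `app:` labels and the 203.0.113.0/24 range are assumptions; `kubernetes.io/metadata.name` is the label Kubernetes sets automatically on each namespace.

```yaml
# Added example: namespace, pod labels and CIDR are assumptions, not from the test case.
# Step 1: allow ingress to nginx-pod only from the "internal" namespace on TCP/80.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: nginx-allow-internal-80   # hypothetical policy name
  namespace: default              # assumed namespace of nginx-pod
spec:
  podSelector:
    matchLabels:
      app: nginx-pod              # assumed label on nginx-pod
  policyTypes:
    - Ingress                     # all other ingress to the selected pod is denied
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: internal
      ports:
        - protocol: TCP
          port: 80
---
# Step 3: restrict egress from backend-pod to a single external range.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-egress-allowlist  # hypothetical policy name
  namespace: default              # assumed namespace of backend-pod
spec:
  podSelector:
    matchLabels:
      app: backend-pod            # assumed label on backend-pod
  policyTypes:
    - Egress                      # all other egress from the selected pod is denied
  egress:
    - to:
        - ipBlock:
            cidr: 203.0.113.0/24  # placeholder documentation range (TEST-NET-3)
```

The egress policy also blocks DNS lookups, so run Step 4 against IP addresses or add an egress rule for the cluster DNS service. Enforcement requires a CNI plugin that implements NetworkPolicy, and the logging expected in Steps 2 and 4 comes from that plugin, since the NetworkPolicy API itself defines no logging.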