smom-dbis-138/docs/operations/status-reports/REVIEW_NETWORK_POLICIES.md
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00


# Network Policies Review
## Overview
Network Policies have been created to restrict pod-to-pod communication in the besu-network namespace.
## Policies Created
### 1. default-deny-all
- **Purpose**: Default deny all traffic
- **Scope**: All pods in namespace
- **Status**: ✅ Created
### 2. allow-validator-internal
- **Purpose**: Allow validators to communicate with sentries and other validators
- **Scope**: Validator pods
- **Ports**: 30303 (TCP/UDP), 9545 (TCP)
- **Status**: ✅ Created
### 3. allow-sentry-p2p
- **Purpose**: Allow sentries to accept P2P connections
- **Scope**: Sentry pods
- **Ports**: 30303 (TCP/UDP), 9545 (TCP)
- **Status**: ✅ Created
### 4. allow-rpc-http
- **Purpose**: Allow RPC nodes to receive HTTP traffic from gateway
- **Scope**: RPC pods
- **Ports**: 8545, 8546, 9545 (TCP)
- **Status**: ✅ Created
### 5. allow-gateway-external
- **Purpose**: Allow gateway to receive external traffic and forward to RPC nodes
- **Scope**: Gateway pods
- **Ports**: 80, 443 (TCP)
- **Status**: ✅ Created
## Validation
Run the validation script:
```bash
./scripts/validation/validate-network-policies.sh
```
## Application
Apply Network Policies:
```bash
kubectl apply -f k8s/network-policies/default-deny.yaml
```
## Testing
Test pod-to-pod communication restrictions to confirm the policies are working correctly: permitted flows should connect, and all other traffic should be blocked.
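
One way to run that test, as an added example that is not part of this repository: the script probes a list of flows from inside the cluster and compares each result with the verdict read off the policy summary above. The `app=<role>` label, the role names `validator`, `sentry`, `rpc` and `gateway`, the presence of `nc` in the pod images, and all function names are assumptions; the namespace and ports are the ones listed on this page.

```shell
#!/usr/bin/env bash
NS="besu-network"              # namespace named on this page
LABEL_KEY="${LABEL_KEY:-app}"  # assumption: pods are labelled app=<role>

# Expected verdict for a flow, read off the policy summary above; anything
# not listed falls through to default-deny-all.
expected_verdict() {  # src-role dst-role tcp-port
  case "$1>$2:$3" in
    "validator>validator:30303"|"validator>sentry:30303") echo allow ;;
    "gateway>rpc:8545"|"gateway>rpc:8546")                echo allow ;;
    *)                                                    echo deny ;;
  esac
}

# One field of the idx-th pod carrying the given role label.
pod_field() {  # role idx field
  kubectl -n "$NS" get pod -l "$LABEL_KEY=$1" -o "jsonpath={.items[$2].$3}"
}

# Observed verdict: TCP connect from a source pod to a destination pod IP.
# Assumption: the source container image ships nc with -z and -w support.
probe() {  # src-role dst-role tcp-port
  local idx=0 pod ip
  if [ "$1" = "$2" ]; then idx=1; fi   # same role: target a second pod, not self
  pod=$(pod_field "$1" 0 metadata.name) || { echo error; return; }
  ip=$(pod_field "$2" "$idx" status.podIP) || { echo error; return; }
  if kubectl -n "$NS" exec "$pod" -- nc -z -w 3 "$ip" "$3" </dev/null >/dev/null 2>&1
  then echo allow; else echo deny; fi
}

# Read "src dst port" lines on stdin; return the number of mismatches.
check_flows() {
  local failures=0 src dst port want got
  while read -r src dst port; do
    want=$(expected_verdict "$src" "$dst" "$port")
    got=$(probe "$src" "$dst" "$port")
    if [ "$want" = "$got" ]; then echo "ok   $src -> $dst:$port $got"
    else echo "FAIL $src -> $dst:$port want=$want got=$got"; failures=$((failures + 1)); fi
  done
  return "$failures"
}

# Constructed flow list: four flows the summary allows, three it does not.
FLOWS="validator validator 30303
validator sentry 30303
gateway rpc 8545
gateway rpc 8546
rpc validator 30303
gateway validator 8545
validator rpc 8545"
if [ "${1:-}" = "--run" ]; then printf '%s\n' "$FLOWS" | check_flows; exit; fi
```

Run it with `--run` against the cluster; the exit status is the number of mismatched flows. If the flows expected to be denied come back as `allow`, check that the cluster's CNI plugin enforces NetworkPolicy, since the API server accepts the objects even when nothing enforces them.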