Open Issues Need Help
View All on GitHubKubernetes network policies reference implementation
AI Summary: This issue proposes adding end-to-end (e2e) tests to validate the "iptracker mode" of kube-network-policies. The task involves setting up a Kubernetes cluster using kops, installing kube-network-policies configured with iptracker, and then executing the existing e2e network policy test suite, following a similar testing model as seen in the cloud-provider-gcp project.
Kubernetes network policies reference implementation
AI Summary: The issue describes a problem where IPv6 ICMP traffic is not being blocked by Kubernetes Network Policies as expected, even when policies are in place. The root cause appears to be an `accept` rule for `meta l4proto ipv6-icmp` in the nftables configuration generated by kube-network-policies. The solution involves modifying the kube-network-policies configuration to allow only specific ICMPv6 types related to Neighbor Discovery (ND) while blocking other ICMPv6 traffic, ensuring proper IPv6 functionality while maintaining network security.
Kubernetes network policies reference implementation