Side effects of applying DNS network policy (all-pods-egress-allow-dns) #5

@sherwoodzern

The side effect of applying the DNS policy goes beyond just the kubernetes.io accessibility. The frontend pods are still able to access the backend pods, since there is an existing policy. However, if the backends needed to access other pods then it would be denied, and on and on.

Given that the recommendation is to apply a DNS policy, is there a recommendation on how to best manage the number of policies that potentially could be required to allow/deny the ingress and egress? With only 2 services it's not difficult, but if there are hundreds of services this could be a NWP management nightmare?

Does Cilium / Tetragon provide a product that would allow me to run traffic through my application (testing) and based upon the flows it could capture the traffic flows and thus begin to create the network policies for me?
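The side effect described in this issue follows from how egress policies are enforced: a pod that no egress policy selects can send anywhere, but once any egress policy selects it, only explicitly allowed destinations pass. The sketch below is an added example, not part of the issue or the project's code; it models the egress direction only, and the `db` pod, the labels, the ports and the shape of both policies are assumptions.

```python
# Toy model of egress policy enforcement (constructed example, not Cilium code).
# Rule modelled: a pod with no egress policy selecting it may send anywhere;
# once any egress policy selects it, only the union of allowed peers passes.
from dataclasses import dataclass

@dataclass
class EgressPolicy:
    name: str
    selector: dict   # labels of pods the policy applies to; {} selects all pods
    to_labels: dict  # labels of the allowed destination
    port: int

def matches(selector, labels):
    return all(labels.get(k) == v for k, v in selector.items())

def egress_allowed(policies, src, dst, port):
    selecting = [p for p in policies if matches(p.selector, src)]
    if not selecting:
        return True  # pod is not in default-deny for egress
    return any(matches(p.to_labels, dst) and p.port == port for p in selecting)

# Constructed pods; the "db" pod and all labels/ports are assumptions.
FRONTEND = {"app": "frontend"}
BACKEND = {"app": "backend"}
DB = {"app": "db"}
KUBE_DNS = {"k8s-app": "kube-dns"}

# Assumed shape of the existing policy that lets frontend reach backend.
EXISTING = EgressPolicy("frontend-to-backend", FRONTEND, BACKEND, 8080)
# Assumed shape of the DNS policy named in the issue title.
ALLOW_DNS = EgressPolicy("all-pods-egress-allow-dns", {}, KUBE_DNS, 53)

def report(policies):
    flows = {"frontend->backend": (FRONTEND, BACKEND, 8080),
             "backend->db": (BACKEND, DB, 5432),
             "backend->dns": (BACKEND, KUBE_DNS, 53)}
    return {n: egress_allowed(policies, s, d, p) for n, (s, d, p) in flows.items()}

if __name__ == "__main__":
    print("before:", report([EXISTING]))
    print("after: ", report([EXISTING, ALLOW_DNS]))
```

Adding the select-all DNS policy is what moves `backend` into default-deny for egress, so every additional destination it needs then requires its own allow rule.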
