OOTB policy: inbound and outbound traffic
Problem to solve
Create these out-of-the-box policies:
- Drop all outbound traffic
- Drop all inbound traffic on any port except port 80 or 443
- Set audit mode to enabled by default in the cluster applications project
The two network policies are fairly simple to implement, and since a CiliumNetworkPolicy is namespaced they can be applied per application environment. The audit-mode default is a cluster-wide Cilium setting rather than a policy, so it is handled separately.
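The two policies above, written out as CiliumNetworkPolicy manifests. This is an added example, not the predefined policies shipped in GitLab; the policy names and the `env-production` namespace are assumptions.

```yaml
# Added example manifests; not GitLab's own predefined policies.
# Assumptions: policy names, and an application-environment namespace
# called env-production. CiliumNetworkPolicy is namespaced, so one copy is
# applied per environment namespace.
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: drop-outbound
  namespace: env-production
spec:
  # Empty selector: every endpoint (pod) in this namespace.
  endpointSelector: {}
  # An egress section that whitelists nothing puts the selected endpoints
  # into default-deny for egress: all outbound traffic is dropped,
  # including DNS lookups to kube-dns.
  egress:
  - {}
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-inbound-http
  namespace: env-production
spec:
  endpointSelector: {}
  # Selecting the endpoints with an ingress section enables default-deny
  # for ingress; the only traffic whitelisted is TCP 80 and 443, from any
  # source ("all" covers cluster endpoints, the host and the outside world).
  ingress:
  - fromEntities:
    - all
    toPorts:
    - ports:
      - port: "80"
        protocol: TCP
      - port: "443"
        protocol: TCP
```

Two caveats a practitioner should expect. `drop-outbound` also drops DNS, so any workload that resolves names breaks until a rule allowing UDP/TCP 53 to kube-dns is added; this is one reason to ship the policy in audit mode first. And because both manifests select every endpoint in the namespace, they only affect workloads that Cilium manages, so they should be applied in the namespace GitLab deploys the environment into.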
Intended users
User experience goal
The two out-of-the-box policies should be available to the user.
Implementation Plan
We can add the required policies as predefined manifests to the policy list component: https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/assets/javascripts/threat_monitoring/components/network_policy_list.vue . Predefined policies are disabled by default; on first enable, a backend call is triggered to install the policy in the cluster. Once it is installed we can remove it from the list of predefined policies, since from that point it can be managed as a regular policy.
The cluster applications project has to be updated to enable audit mode by default: https://gitlab.com/gitlab-org/cluster-integration/cluster-applications/-/blob/master/src/default-data/cilium/values.yaml
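What the audit-mode default amounts to in Cilium's configuration, as an added example rather than a copy of the linked values.yaml. The Helm value name is an assumption that depends on the chart version; the agent setting it ends up as, `policy-audit-mode` in the `cilium-config` ConfigMap, is the stable part.

```yaml
# Added example; not the contents of the linked values.yaml.
# Upstream Cilium charts expose audit mode as a Helm value (name assumed
# here, it varies by chart version):
policyAuditMode: true

# After installation the value lands in the agent ConfigMap, which is what
# to check on a running cluster:
#   kubectl -n kube-system get configmap cilium-config -o yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: cilium-config
  namespace: kube-system
data:
  # "true": policy verdicts are logged but not enforced, so the default
  # drop-outbound / allow-inbound-http policies produce audit events
  # instead of breaking traffic. Set to "false" to enforce.
  policy-audit-mode: "true"
```

With audit mode on, the verdicts the deny policies would have produced are visible with `cilium monitor -t policy-verdict` on the agent pod, which is how a user can confirm what would be dropped before switching enforcement on.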