# Network policies for sandbox isolation
# Sandboxes can only communicate with specific services, not with each other
# or with the Kubernetes API
---
# Baseline for the sandbox namespace: deny all ingress and egress.
# The empty podSelector selects every pod in the namespace, and both policy
# types are listed with no rules, so nothing is allowed until another policy
# in this namespace permits it.
# NOTE(review): NetworkPolicy only takes effect when the cluster's network
# plugin enforces it; confirm for the target cluster.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: sandbox
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# Ingress to sandbox pods: only pods labelled app=gateway may connect, and
# only on the two TCP ports listed (MCP server, ZeroMQ control channel).
# NOTE(review): a `from` entry that has a podSelector but no namespaceSelector
# matches pods in this policy's own namespace (sandbox) only. The
# allow-sandbox-callbacks policy in this file places the gateway in 'default'
# (dev) or 'ai' (prod); if that is where it runs, this entry does not admit
# it and needs a namespaceSelector alongside the podSelector. Confirm where
# the gateway is deployed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-gateway-ingress
  namespace: sandbox
spec:
  podSelector:
    matchLabels:
      dexorder.io/component: sandbox
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: gateway
      ports:
        # MCP server port
        - protocol: TCP
          port: 3000
        # ZeroMQ control channel
        - protocol: TCP
          port: 5555
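---
# Egress from sandbox pods: DNS, the gateway callback ports, and outbound
# HTTPS to non-internal IPv4 addresses. Anything not listed here stays
# blocked by default-deny-all.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-sandbox-egress
  namespace: sandbox
spec:
  podSelector:
    matchLabels:
      dexorder.io/component: sandbox
  policyTypes:
    - Egress
  egress:
    # DNS resolution (required)
    # namespaceSelector and podSelector share one `to` entry, so both must
    # match: pods labelled k8s-app=kube-dns, in any namespace.
    # NOTE(review): the empty namespaceSelector could be narrowed to the
    # namespace that actually hosts cluster DNS; confirm which one that is.
    # DNS is also an outbound data path, so resolver query logs are worth
    # monitoring for sandbox workloads.
    - to:
        - namespaceSelector: {}
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Gateway (for callbacks)
    # NOTE(review): podSelector without a namespaceSelector matches pods in
    # the sandbox namespace only. If the gateway runs in 'default'/'ai' as the
    # allow-sandbox-callbacks policy in this file indicates, this rule does
    # not reach it, and the private ranges are excluded from the HTTPS rule
    # below, so callbacks would be dropped. Confirm and add a
    # namespaceSelector for the gateway's namespace if so.
    - to:
        - podSelector:
            matchLabels:
              app: gateway
      ports:
        - protocol: TCP
          port: 3000
        - protocol: TCP
          port: 5571
    # External HTTPS (for exchange APIs, LLM APIs)
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              # Block access to k8s API server (common ranges)
              - 10.0.0.0/8
              - 172.16.0.0/12
              - 192.168.0.0/16
              # Shared address space (RFC 6598); some platforms use it for
              # node or pod addressing, so treat it as internal too.
              - 100.64.0.0/10
              # Link-local, which includes the cloud instance metadata
              # address; never a legitimate external API endpoint.
              - 169.254.0.0/16
      ports:
        - protocol: TCP
          port: 443
    # NOTE(review): `except` only keeps the HTTPS rule from matching the
    # listed ranges. An API server endpoint on a public address is still
    # reachable on 443, and whether the kubernetes Service address is matched
    # before or after address rewriting depends on the network plugin; verify
    # on the target cluster. The rule is IPv4-only, so IPv6 egress stays
    # denied.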
---
# Gateway side of the callback path: pods labelled app=gateway accept TCP
# 3000 and 5571 from namespaces labelled dexorder.io/type=sandboxes.
# metadata.namespace is left out on purpose, so the policy lands in the
# namespace of the applying context: 'default' in dev, 'ai' in prod.
# NOTE(review): the `from` entry has no podSelector, so every pod in a
# matching namespace is admitted, not only those labelled
# dexorder.io/component=sandbox. Admission also rests on the namespace label,
# so the ability to create or label namespaces should be restricted; confirm
# the RBAC around it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-sandbox-callbacks
spec:
  podSelector:
    matchLabels:
      app: gateway
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              dexorder.io/type: sandboxes
      ports:
        - protocol: TCP
          port: 3000
        - protocol: TCP
          port: 5571