It is one of the goals of this project to provide a solution for integration of rich L7 network policies on the Actors, but we should start off with a capability to have at least basic egress controls relevant to sandboxes:
- Actors should not be able to talk to things by default.
- (Optional) Actors may able to egress out of the cluster e.g. the Internet.
Clearly this is a vast simplification of what we should support, but would be a good starting point towards having a secure default.
It is one of the goals of this project to provide a solution for integration of rich L7 network policies on the Actors, but we should start off with a capability to have at least basic egress controls relevant to sandboxes:
Clearly this is a vast simplification of what we should support, but would be a good starting point towards having a secure default.