Difficulty: Intermediate
Estimated Time: 5 minutes

CloudSecOps

We'll learn how to use OPA Gatekeeper to prevent pods from using the host network.

In this scenario, we saw how to prohibit host networking and why organizations need this policy.

For more info on this scenario - Prohibit hostNetwork

For more OPA Gatekeeper use-cases - Mastering OPA Policies

Prohibit hostNetwork

Step 1 of 4

Reason

Allowing a pod to use "hostNetwork" places it in the host's network namespace, giving it access to the host machine's network interface. If that pod is compromised, the attacker can sniff the traffic going through the host network from inside the pod.
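
A minimal Gatekeeper policy that enforces this restriction at admission time, added here as an example and not the scenario's own policy. The template kind K8sProhibitHostNetwork, the constraint name prohibit-host-network and the kube-system exclusion are assumptions chosen for illustration.

```yaml
# Added example: the kind and constraint names below are assumed, not from the scenario.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8sprohibithostnetwork   # must be the lowercase form of the kind below
spec:
  crd:
    spec:
      names:
        kind: K8sProhibitHostNetwork
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sprohibithostnetwork

        # Fires only when the field is explicitly true. An absent field
        # defaults to false in Kubernetes, so such pods are admitted.
        # The message is static because metadata.name can be empty at
        # admission time for pods created with generateName.
        violation[{"msg": msg}] {
          input.review.object.spec.hostNetwork == true
          msg := "pods must not set spec.hostNetwork: true"
        }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sProhibitHostNetwork
metadata:
  name: prohibit-host-network
spec:
  enforcementAction: deny
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    # Assumed exclusion: node-level components such as kube-proxy run
    # with hostNetwork and would otherwise be rejected.
    excludedNamespaces: ["kube-system"]
```

Matching on Pod is enough to cover Deployments, DaemonSets and Jobs, because the pods their controllers create pass through admission individually. Setting enforcementAction to dryrun first records violations in the constraint's status without rejecting anything.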