Expose helm configuration flag to allow access to instance metadata service (IMDS)
Feature Request
Why
We rely on instance roles (until we can get kube2iam or kiam into IronBank and build out a BB addon) to give workloads access to services such as S3 (for Velero) and KMS (for ArgoCD to use SOPS). The default NetworkPolicy resources are a great security addition to BigBang, but currently our only workaround is to disable them outright.
The ability to selectively allow this traffic for certain workloads would be a great add.
Proposed Solution
Create a flag similar to networkPolicies.enabled that wraps/toggles the inclusion of rules such as these:
Edited by Taylor Mitchell
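A sketch of what such a toggle could look like as a Helm template. This is an added example, not the rules from the original issue and not Big Bang's own code. The flag name networkPolicies.allowInstanceMetadata, the policy name and the Velero pod label are assumptions made for illustration.

```yaml
{{- if and .Values.networkPolicies.enabled .Values.networkPolicies.allowInstanceMetadata }}
# Rendered only when the existing networkPolicies.enabled flag and the
# hypothetical networkPolicies.allowInstanceMetadata flag are both true.
# NetworkPolicy rules are additive, so this adds one exception on top of
# the default policies instead of replacing them.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-imds            # hypothetical name
  namespace: {{ .Release.Namespace }}
spec:
  # Scope the exception to the one workload that needs the instance role.
  # An empty podSelector ({}) would open IMDS to every pod in the namespace.
  podSelector:
    matchLabels:
      app.kubernetes.io/name: velero # assumed label, adjust per workload
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 169.254.169.254/32 # IMDS link-local address only
      ports:
        - protocol: TCP
          port: 80
{{- end }}
```

With the hypothetical flag left at false, the template renders nothing and the default policies continue to apply unchanged.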