DefaultDeny namespace annotation. Note: this will enforce policy for *all* pods in the namespace: ``` kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" ``` With NetworkPolicy enabled, traffic will be limited to just port 9000. For more precise policy, set `networkPolicy.allowExternal=true`. This will only allow pods with the generated client label to connect to MinIO. This label will be displayed in the output of a successful install....

DefaultDeny namespace annotation. Note: this will enforce policy for *all* pods in the namespace: ``` kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" ``` With NetworkPolicy enabled, traffic will be limited to just port 9000. For more precise policy, set `networkPolicy.allowExternal=true`. This will only allow pods with the generated client label to connect to MinIO. This label will be displayed in the output of a successful install....

DefaultDeny namespace annotation. Note: this will enforce policy for *all* pods in the namespace: ``` kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" ``` With NetworkPolicy enabled, traffic will be limited to just port 9000. For more precise policy, set `networkPolicy.allowExternal=true`. This will only allow pods with the generated client label to connect to MinIO. This label will be displayed in the output of a successful install....

DefaultDeny namespace annotation. Note: this will enforce policy for *all* pods in the namespace: ``` kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" ``` With NetworkPolicy enabled, traffic will be limited to just port 9000. For more precise policy, set `networkPolicy.allowExternal=true`. This will only allow pods with the generated client label to connect to MinIO. This label will be displayed in the output of a successful install....

DefaultDeny namespace annotation. Note: this will enforce policy for *all* pods in the namespace: ``` kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" ``` With NetworkPolicy enabled, traffic will be limited to just port 9000. For more precise policy, set `networkPolicy.allowExternal=true`. This will only allow pods with the generated client label to connect to MinIO. This label will be displayed in the output of a successful install....

DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: ``` kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" ``` With NetworkPolicy enabled, traffic will be limited to just port 9000. For more precise policy, set `networkPolicy.allowExternal=true`. This will only allow pods with the generated client label to connect to MinIO. This label will be displayed in the output of a successful install....

DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: ``` kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" ``` With NetworkPolicy enabled, traffic will be limited to just port 9000. For more precise policy, set `networkPolicy.allowExternal=true`. This will only allow pods with the generated client label to connect to MinIO. This label will be displayed in the output of a successful install....

DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: ``` kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" ``` With NetworkPolicy enabled, traffic will be limited to just port 9000. For more precise policy, set `networkPolicy.allowExternal=true`. This will only allow pods with the generated client label to connect to MinIO. This label will be displayed in the output of a successful install....

DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: ``` kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" ``` With NetworkPolicy enabled, traffic will be limited to just port 9000. For more precise policy, set `networkPolicy.allowExternal=true`. This will only allow pods with the generated client label to connect to MinIO. This label will be displayed in the output of a successful install....

### CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

A security issue was discovered in kube-apiserver that could allow an attacker controlled aggregated API server to redirect client traffic to any URL.  This could lead to the client performing unexpected actions as well as leaking the client's credentials to third parties.