Problem
K8s SeiNode pods have no NetworkPolicy gating intra-cluster ingress. Once validators expose gRPC :9090 (per sei-protocol/sei-config#19 aligning with canonical sei-infra), any pod in the cluster can reach seid's gRPC directly on the pod IP. The headless Service correctly omits :9090, but a headless Service is just DNS — pod IPs are routable from anywhere with cluster network access.
EC2 validators gate :9090 via security groups (effective reachability: loopback + a small allowlist). The K8s equivalent is missing.
Impact
Once sei-protocol/sei-config#19 propagates (seictl bump → controller SEI_SIDECAR_IMAGE bump → pod cycle), K8s validators will be more exposed than their EC2 peers on the same gRPC surface. Risks include unauthenticated mempool/tx-flood DoS from any compromised workload in the cluster, gRPC reflection enumeration of the cosmos-sdk surface for CVE probing, and resource-exhaustion DoS against signers (liveness fault, not double-sign).
Internal-only fleet of ~10 nodes keeps the blast radius small, but the gap is real.
Relevant experts
- security-specialist (flagged this in the sei-config#19 review)
- kubernetes-specialist (independently flagged the same — no NetworkPolicy present in the harbor overlay)
- network-specialist (NetworkPolicy authorship)
Proposed approach
Default-deny ingress on the SeiNode pod label set, with explicit allows for:
- P2P
:26656 (chain gossip)
- Tendermint RPC
:26657 (per existing Service exposure)
- EVM endpoints where the SeiNode opts into them
- Metrics scrape ports as currently configured
- Intra-pod / loopback always permitted by the K8s NetworkPolicy semantics
Open question: generate the NetworkPolicy per-SeiNode in the controller (internal/noderesource/), or own it in the platform overlay GitOps? Per-SeiNode generation keeps it co-located with the pod lifecycle; platform overlay is more flexible for ad-hoc allows.
Acceptance criteria
Out of scope
- IMDS blocking / egress filtering (separate hardening)
- Network policy tooling choice (Calico vs Cilium vs upstream NetworkPolicy) — use whatever the cluster ships
References
Problem
K8s SeiNode pods have no NetworkPolicy gating intra-cluster ingress. Once validators expose gRPC
:9090(per sei-protocol/sei-config#19 aligning with canonical sei-infra), any pod in the cluster can reach seid's gRPC directly on the pod IP. The headless Service correctly omits:9090, but a headless Service is just DNS — pod IPs are routable from anywhere with cluster network access.EC2 validators gate
:9090via security groups (effective reachability: loopback + a small allowlist). The K8s equivalent is missing.Impact
Once sei-protocol/sei-config#19 propagates (seictl bump → controller
SEI_SIDECAR_IMAGEbump → pod cycle), K8s validators will be more exposed than their EC2 peers on the same gRPC surface. Risks include unauthenticated mempool/tx-flood DoS from any compromised workload in the cluster, gRPC reflection enumeration of the cosmos-sdk surface for CVE probing, and resource-exhaustion DoS against signers (liveness fault, not double-sign).Internal-only fleet of ~10 nodes keeps the blast radius small, but the gap is real.
Relevant experts
Proposed approach
Default-deny ingress on the SeiNode pod label set, with explicit allows for:
:26656(chain gossip):26657(per existing Service exposure)Open question: generate the NetworkPolicy per-SeiNode in the controller (
internal/noderesource/), or own it in the platform overlay GitOps? Per-SeiNode generation keeps it co-located with the pod lifecycle; platform overlay is more flexible for ad-hoc allows.Acceptance criteria
:9090on a SeiNode pod IP:9090without issueOut of scope
References