Network security

Currently, workloads running on the cluster can reach everything those machines can reach. This does NOT include management networks, but it includes a lot of NYU services.

This might be a problem for some workloads, and probably a blocker for running workloads from Nautilus.

NetworkPolicies could be used to restrict access on a namespace-basis, we would just have to author them.