Kubernetes Network Policy for Internet Egress

9/26/2019

I'm trying to create a Kubernetes network policy that allows pods to egress out to the internet to connect to external resources (like Azure SQL) but not allow them to connect to other pods inside the cluster. I've successfully blocked all egress, but when I add the policy below to allow internet access, it instead allows access to everything, internal and external.

Can anyone confirm whether this should work, or if I'm missing something?

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-internet-egress
  namespace: client-namespace
spec:
  podSelector:
    matchLabels: {}
  egress:
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
        except:
          - 10.0.0.0/8
          - 192.168.0.0/16
          - 172.16.0.0/20
  policyTypes:
  - Egress

This is running on an Azure AKS cluster, with the Azure Network Policy addon running.

-- Sam Cogan
azure
kubernetes
kubernetes-networkpolicy

0 Answers
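An added example, not part of the question and not Kubernetes or Azure code: a small Python check of what the ipBlock/except combination in this policy would permit, using the NetworkPolicy API's ipBlock semantics (a destination matches when it lies inside cidr and inside none of the except entries). It separates two failure modes a practitioner wants to tell apart: the CNI not enforcing the rule at all, versus the rule itself being wider than intended. The destination addresses are constructed test values.

```python
import ipaddress

# Constructed copy of the ipBlock from the policy in the question.
POLICY_IPBLOCK = {
    "cidr": "0.0.0.0/0",
    "except": ["10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/20"],
}

# RFC 1918 private ranges, used to check how much of the private
# address space the except list actually covers.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def ipblock_allows(ipblock, dest_ip):
    """True if dest_ip matches the ipBlock rule: inside `cidr` and not
    inside any `except` entry (the NetworkPolicy API's ipBlock semantics)."""
    ip = ipaddress.ip_address(dest_ip)
    if ip not in ipaddress.ip_network(ipblock["cidr"]):
        return False
    return not any(ip in ipaddress.ip_network(e) for e in ipblock.get("except", []))


def private_addresses_leaked(ipblock, private_ranges=RFC1918):
    """Return the private ranges that no single except entry fully covers,
    i.e. address space the rule still allows egress to."""
    excepts = [ipaddress.ip_network(e) for e in ipblock.get("except", [])]
    leaked = []
    for r in private_ranges:
        net = ipaddress.ip_network(r)
        if not any(net.subnet_of(e) for e in excepts):
            leaked.append(r)
    return leaked


if __name__ == "__main__":
    # Constructed destinations: a public address, a typical pod/VNet address,
    # and a private address just outside the /20 except entry.
    for dest in ["203.0.113.10", "10.244.1.5", "172.20.0.1"]:
        print(dest, "allowed" if ipblock_allows(POLICY_IPBLOCK, dest) else "denied")
    print("private ranges not fully excluded:", private_addresses_leaked(POLICY_IPBLOCK))
```

If every destination, including 10.x pod addresses, still reaches its target after applying the policy, the gap is in enforcement rather than in the rule; if only addresses in the uncovered private space get through, the except list itself is the cause.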