I have my K8s setup (Pods A, B and C) and ElastiCache ("xxx.xxxx.xx.cache.amazonaws.com") in AWS. Right now all my pods have access to ElastiCache.
I am looking for a solution by which I can restrict the communication. I read about Calico, but as I understand it, I can block communication between two pods. Is there any way I can allow A to communicate with xxx.xxxx.xx.cache.amazonaws.com but block Pods B and C?
PS: ElastiCache is not something that resides inside the k8s cluster.
You can use a Kubernetes NetworkPolicy, where you can define an egress policy to allow/deny outgoing traffic to CIDR blocks or IPs from pods selected by a label.
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  # Applies to pods labelled role: db in the default namespace
  podSelector:
    matchLabels:
      role: db
  # Only egress is restricted; ingress is left untouched
  policyTypes:
  - Egress
  # Egress rules are an allow-list: anything not matched by a rule is dropped
  egress:
  - to:
    - ipBlock:
        cidr: 10.0.0.0/16
        # except must be a list of CIDRs and a strict subset of cidr
        # (the API server rejects an except equal to cidr)
        except:
        - 10.0.0.0/24
    ports:
    - protocol: TCP
      port: 5978
```
The above example blocks traffic to 10.0.0.0/24 on port 5978 from pods with the label role: db.
A network plugin such as Calico is needed for it to work. Follow the docs to install Calico in an EKS cluster.
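Applied to the question (pods A, B and C, one ElastiCache endpoint outside the cluster), here is an added example rather than the answerer's own manifest: a default-deny egress policy for the namespace plus an allow policy that selects only pod A. It assumes pod A carries the label app: a, that the cache nodes sit in the VPC subnet 10.1.0.0/24 (a placeholder; ipBlock matches CIDRs, not DNS names, so look up the real subnet group of the cache cluster), that the engine is Redis on port 6379, and that cluster DNS is the kube-dns deployment in kube-system.

```yaml
# Policy 1: default-deny egress for every pod in the namespace (B and C included).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress
  namespace: default
spec:
  podSelector: {}        # empty selector = all pods in the namespace
  policyTypes:
  - Egress               # no egress rules listed, so all egress is denied
---
# Policy 2: allow only pod A to reach the ElastiCache subnet (plus DNS).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-a-to-elasticache
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: a             # assumption: pod A is labelled app=a
  policyTypes:
  - Egress
  egress:
  # ElastiCache lives outside the cluster, so an ipBlock with the VPC subnet of
  # the cache nodes is the way to match it; NetworkPolicy cannot match hostnames.
  - to:
    - ipBlock:
        cidr: 10.1.0.0/24   # placeholder: subnet group used by the cache cluster
    ports:
    - protocol: TCP
      port: 6379            # assumption: Redis (Memcached would be 11211)
  # Pod A still needs DNS to resolve xxx.xxxx.xx.cache.amazonaws.com.
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
```

After applying both policies, a connection test from pod B or C to the cache endpoint should time out while the same test from pod A succeeds; if A also fails, check the subnet CIDR and that Calico (or another policy-enforcing CNI) is actually installed.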