Deny egress traffic to internet on a Kubernetes pod

10/30/2021

I'm trying to create a Kubernetes network policy that blocks a pod from connecting to the internet. The pod should only have access to the local network 10.0.0.0/8.

Using the Kubernetes documentation, I deployed a network policy that denies all egress traffic and applied it to all pods. However, when I exec into the pod I'm still able to do curl commands out to the internet.

Here is an example of the deny egress policy that I pulled from the

---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress
spec:
  podSelector: {}
  policyTypes:
  - Egress

Is there a way to block outbound access to the internet at the pod level?

-- slidmac07

1 Answer

10/30/2021

Network policies are implemented by the network plugin. To use network policies, you must be using a networking solution which supports NetworkPolicy. Creating a NetworkPolicy resource without a controller that implements it will have no effect.

Please update the question with the info about what networking solution you are using to implement Network Policy, otherwise treat this response as an answer to why it doesn't work for you.

-- jabbson
Source: StackOverflow
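
The policy the question is aiming for, written out as an added example (not part of the original question or answer). The name `allow-egress-local-only` is hypothetical, and the policy only has an effect on a cluster whose network plugin enforces NetworkPolicy, as the answer explains.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-local-only   # hypothetical name
spec:
  podSelector: {}                 # selects every pod in the namespace the policy is applied to
  policyTypes:
  - Egress                        # selected pods become egress-isolated: only listed destinations are allowed
  egress:
  - to:
    - ipBlock:
        cidr: 10.0.0.0/8          # the local range from the question; all other destinations are dropped
  # No ports are listed, so every port and protocol to 10.0.0.0/8 is allowed.
  # DNS lookups keep working only if the cluster DNS service address falls
  # inside 10.0.0.0/8; if it does not, add a separate egress rule for it.
```

NetworkPolicy rules are additive, so this can be applied alongside the `default-deny-egress` policy from the question: the pods end up with egress to 10.0.0.0/8 and nothing else.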