I'm trying to create a Kubernetes network policy that blocks a pod from connecting to the internet. The pod should only have access to the local network 10.0.0.0/8
.
Using the Kubernetes documentation, I deployed a network policy that denies all egress traffic and applied it to all pods. However, when I exec into the pod I'm still able to do curl commands out to the internet.
Here is an example of the deny egress policy that I pulled from the
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny-egress
spec:
podSelector: {}
policyTypes:
- Egress
Is there a way to block outbound access to the internet at the pod level?
Network policies are implemented by the network plugin. To use network policies, you must be using a networking solution which supports NetworkPolicy. Creating a NetworkPolicy resource without a controller that implements it will have no effect.
Please update the question with the info about what networking solution you are using to implement Network Policy, otherwise treat this response as an answer to why it doesn't work for you.