Happy Goat for Life! Quick Note --- Egress Whitelisting in Kubernetes

ABOUT	APICONNECT	API	DATAPOWER	OPENSHIFT	EVENTSTREAMS	INTEGRATION	DAY2-OPS	ACE
*All opinions expressed here are very much my own or of the author of the article, not those of IBM. All Code provided is provide as is with no support unless otherwise stated.*

Chris Phillips’ Blog - API, Integration and Governance

Quick Note --- Egress Whitelisting in Kubernetes

Feb 3, 2019 • Category APIConnect by Chris Phillips

I got bored flying back from Germany last week and so I tried to solve a problem our test team were hitting. They needed to whitelist access to the internet for all the pods of one application

I had wanted to play with K8s network policies for ages, finally I got an excuse.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: foo-deny-external-egress
spec:
  podSelector:
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
      cidr: <IP to WhiteList>/32
    ports:
      - port: 443
        protocol: TCP
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP

By Chris Phillips on February 3, 2019.

Canonical link

Exported from Medium on April 6, 2019.

Chris Phillips’ Blog - API, Integration and Governance

Home

About

Search

Categories

Guest Authors

Quick Note --- Egress Whitelisting in Kubernetes