I'm looking for a way to restrict outgoing traffic from my pod so it can only reach S3. My ingress is already completely locked down and I have a default of deny all incoming traffic (this would still allow me to connect to S3 as expected).
I was able to find the IP ranges for S3 in my region by following this documentation, and added it to my network policy below:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: aws-s3
spec:
  podSelector:
    matchLabels:
      name: aws-s3
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 52.95.144.0/24
        - ipBlock:
            cidr: 52.95.148.0/23
        - ipBlock:
            cidr: 3.5.244.0/22
        - ipBlock:
            cidr: 52.95.142.0/23
        - ipBlock:
            cidr: 52.95.150.0/24
        - ipBlock:
            cidr: 18.168.37.160/28
        - ipBlock:
            cidr: 18.168.37.176/28
```
After adding this policy my pod can no longer reach the bucket using the aws cli. Has anyone been able to allow egress to S3 or have a fix for a similar issue?
CodePudding user response:
Figured out the issue. The aws cli was trying to resolve s3.amazonaws.com but couldn't because my policy was also blocking the DNS server. I whitelisted it and also allowed all outbound traffic on DNS ports (53/udp and 53/tcp).
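A complete policy built on the fix described in the answer, as an added example rather than the poster's own manifest: it keeps the S3 ranges from the question but allows DNS only to the cluster DNS pods instead of to every destination on port 53, and limits the S3 rule to HTTPS. The kube-system namespace label (`kubernetes.io/metadata.name`) and the `k8s-app: kube-dns` pod label are assumptions about the cluster; verify them before applying.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: aws-s3
spec:
  podSelector:
    matchLabels:
      name: aws-s3
  policyTypes:
    - Egress
  egress:
    # DNS: allow resolution only via the cluster DNS pods instead of opening
    # port 53 to every destination. The kube-system namespace label and the
    # k8s-app=kube-dns pod label are assumptions; check them with kubectl.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # S3: the ranges from the question, now limited to HTTPS (the aws cli
    # talks to S3 over TLS on port 443 by default).
    - to:
        - ipBlock:
            cidr: 52.95.144.0/24
        - ipBlock:
            cidr: 52.95.148.0/23
        - ipBlock:
            cidr: 3.5.244.0/22
        - ipBlock:
            cidr: 52.95.142.0/23
        - ipBlock:
            cidr: 52.95.150.0/24
        - ipBlock:
            cidr: 18.168.37.160/28
        - ipBlock:
            cidr: 18.168.37.176/28
      ports:
        - protocol: TCP
          port: 443
```

Confirm the DNS selectors with `kubectl -n kube-system get pods --show-labels` and `kubectl get ns kube-system --show-labels`, since a wrong label silently blocks resolution again. Published S3 ranges change over time, so the ipBlock list has to be refreshed from the AWS IP ranges data rather than treated as fixed.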