How to block outgoing traffic to ip in IP tables in K8S

Time:05-10

I want to block outgoing traffic to an IP (e.g. a DB) in iptables in K8s.

I know that in K8s, iptables exists only at the node level.

I'm not sure in which file the changes should be made, or what command or changes are required.

Please help me with this query.

Thanks.

CodePudding user response:

You could deploy istio and specifically the istio egress gateway.

This way you will be able to manage outgoing traffic within the istio manifest.

CodePudding user response:

You can directly run the iptables command (e.g. iptables -A OUTPUT -j REJECT) on top of a node if that's fine.

However, the file depends on the OS: /etc/sysconfig/iptables is for IPv4.

I would suggest checking out Network Policy in Kubernetes; using that you can block the outgoing traffic.

https://kubernetes.io/docs/concepts/services-networking/network-policies/

No extra setup is required like Istio or anything.

Cluster security you can handle using the network policy; in the backend it uses iptables only.

For example, to block traffic on a specific CIDR or IP by applying the YAML only:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  # pods this policy applies to: those labelled role=db
  podSelector:
    matchLabels:
      role: db
  # only egress (outgoing) traffic is restricted by this policy
  policyTypes:
    - Egress
  # egress allowed from the selected pods: TCP/5978 to 10.0.0.0/24
  egress:
    - to:
        - ipBlock:
            cidr: 10.0.0.0/24
      ports:
        - protocol: TCP
          port: 5978
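NetworkPolicy egress rules are allow-lists: once a pod is selected by a policy with policyTypes Egress, only the destinations listed under egress remain reachable from it, so a rule like the one above permits 10.0.0.0/24:5978 and implicitly drops everything else. To block exactly one address (the DB the question asks about) while leaving other egress untouched, the usual form is an ipBlock covering all addresses with the DB host in except. The policy below is an added example, not part of either answer; the pod label app: web and the DB address 192.0.2.10 are placeholders, and enforcement requires a CNI plugin that implements NetworkPolicy.

```yaml
# Added example (not from the original answers): deny egress from the selected
# pods to a single DB host, allow all other egress. Placeholder values: the pod
# label app=web and the DB address 192.0.2.10 (documentation range).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-egress-to-db
  namespace: default
spec:
  # Pods the policy selects; once selected by an Egress policy, only the
  # destinations listed under "egress" below are reachable from them.
  podSelector:
    matchLabels:
      app: web
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0          # everything stays allowed (DNS included) ...
            except:
              - 192.0.2.10/32        # ... except the DB host (placeholder address)
```

After applying it with kubectl apply -f, verify from a selected pod that a TCP connect to 192.0.2.10 now times out while connections to other hosts still succeed, and check from an unselected pod that its egress is unchanged.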