
I want to block outgoing traffic to an IP (e.g. the DB) in iptables in K8s.

I know that in K8s iptables exist only at node level,

and I'm not sure in which file the changes should be made and what command or changes are required.

Please help me with this query.

Thanks.

2 Answers


  1. You could deploy Istio and specifically the Istio egress gateway.

    This way you will be able to manage outgoing traffic within the Istio manifest.
  2. You can directly run the iptables command (e.g. iptables -A OUTPUT -j REJECT) on top of a node if that's fine.

    However, the file depends on the OS: /etc/sysconfig/iptables is for IPv4.

    I would suggest checking out the Network Policy in Kubernetes; using that you can block the outgoing traffic.

    https://kubernetes.io/docs/concepts/services-networking/network-policies/

    No extra setup is required like Istio or anything.

    Cluster security you can handle using the network policy; in the backend it uses iptables only.

    For example, to block traffic on a specific CIDR or IP by applying the YAML only:

    apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    metadata:
      name: test-network-policy
      namespace: default
    spec:
      # Applies to pods in "default" carrying the label role=db
      podSelector:
        matchLabels:
          role: db
      # Only Egress is listed, so ingress to these pods is left untouched
      policyTypes:
        - Egress
      # Egress is allow-listed: only TCP/5978 to 10.0.0.0/24 is permitted,
      # every other outgoing connection from the selected pods is dropped
      egress:
        - to:
            - ipBlock:
                cidr: 10.0.0.0/24
          ports:
            - protocol: TCP
              port: 5978
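For the question as asked (allow all outgoing traffic except one DB address), here is an added example policy that is not part of the answers above; the pod label app=web and the DB address 192.0.2.10 are placeholders, and the policy only takes effect on a CNI plugin that enforces NetworkPolicy (Calico, Cilium and similar), otherwise it is silently ignored.

```yaml
# Added example (not from the original thread): deny egress from the selected
# pods to a single host while leaving every other destination reachable.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-egress-to-db
  namespace: default
spec:
  # Pods this policy applies to; adjust the label to match your workload.
  podSelector:
    matchLabels:
      app: web
  # Only egress is governed; ingress to these pods is left as it was.
  policyTypes:
    - Egress
  egress:
    # One allow rule: all destinations except the DB host (placeholder IP).
    # With no "ports" list, all ports and protocols are covered, so DNS to
    # the cluster resolver keeps working. If the DB itself runs as a pod in
    # the cluster, match it with a podSelector rule instead of ipBlock, since
    # ipBlock is meant for addresses outside the cluster.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 192.0.2.10/32
```

Apply it with kubectl apply -f and confirm the result with kubectl describe networkpolicy deny-egress-to-db -n default, then test from a selected pod that the DB address times out while other addresses still connect.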