Tags: kubernetes, firewall, k3s, kubernetes-networkpolicy

Kubernetes: prevent pods from communicating with the node-ips


I have a Kubernetes cluster running behind a NAT. Now I want to forbid the pods from communicating with the network in which my Kubernetes nodes / servers are. The network has the CIDR 10.12.12.0/27.

I've already tried the Kubernetes NetworkPolicy, but I haven't figured out how to prohibit communication with certain IPs. Instead, I have limited the communication to these IPs. Here is my previous NetworkPolicy:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: block-net-kubernetes
  namespace: default
spec:
  podSelector:
    matchLabels:
      namespace: default   # selects only pods carrying the label namespace=default
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 10.12.12.0/27   # this is an allow-list: only this range is reachable

Many thanks in advance! Kind regards, Niclas


Solution

  • You can use the except block to filter out some IPs. Using that, the example below allows all egress but blocks traffic to 10.12.12.0/27:

    apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    metadata:
      name: block-net-kubernetes
      namespace: default
    spec:
      podSelector:
        matchLabels:
          namespace: default   # only pods labelled namespace=default; use podSelector: {} for every pod in the namespace
      policyTypes:
        - Egress
      egress:
        - to:
            - ipBlock:
                cidr: 0.0.0.0/0          # allow every IPv4 destination ...
                except:
                  - 10.12.12.0/27        # ... except the node network
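To make the difference between the two manifests concrete, here is a small added Python evaluator (example code written for this page, not part of Kubernetes or of the answer above) that applies the ipBlock / except semantics to a destination address: a peer matches when the destination lies inside `cidr` and inside none of the `except` ranges, and an egress rule with no `to` entries matches every destination. The two policy dicts are constructed to mirror the question's and the answer's `egress` sections; the pod-selection helper shows why `matchLabels: {namespace: default}` only covers pods that actually carry that label.

```python
"""Evaluate what a NetworkPolicy's egress ipBlock rules decide for a destination IP.

Added illustration only: this is a simplified model of the Kubernetes semantics
(ipBlock with cidr/except, empty 'to' = all destinations). It ignores ports and
the podSelector/namespaceSelector peer kinds, which a real CNI also evaluates.
"""
import ipaddress

# Constructed inputs mirroring the two manifests in the question and the answer.
ORIGINAL_EGRESS = [
    {"to": [{"ipBlock": {"cidr": "10.12.12.0/27"}}]},
]
FIXED_EGRESS = [
    {"to": [{"ipBlock": {"cidr": "0.0.0.0/0", "except": ["10.12.12.0/27"]}}]},
]


def ip_block_matches(ip_block, dst):
    """True when dst is inside cidr and outside every except range."""
    if dst not in ipaddress.ip_network(ip_block["cidr"]):
        return False
    return not any(dst in ipaddress.ip_network(excluded)
                   for excluded in ip_block.get("except", []))


def egress_allowed(egress_rules, dst_ip):
    """Decide whether a pod selected by the policy may send to dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    # policyTypes: [Egress] with an empty rule list denies all egress.
    if not egress_rules:
        return False
    for rule in egress_rules:
        peers = rule.get("to")
        # A rule without 'to' allows traffic to any destination.
        if not peers:
            return True
        for peer in peers:
            if "ipBlock" in peer and ip_block_matches(peer["ipBlock"], dst):
                return True
    return False


def pod_selected(pod_selector, pod_labels):
    """{} selects every pod in the namespace; matchLabels requires all listed labels."""
    wanted = pod_selector.get("matchLabels", {})
    return all(pod_labels.get(key) == value for key, value in wanted.items())


def compare(dst_ip):
    """Return (original_policy_decision, fixed_policy_decision) for one destination."""
    return egress_allowed(ORIGINAL_EGRESS, dst_ip), egress_allowed(FIXED_EGRESS, dst_ip)


if __name__ == "__main__":
    for ip in ("10.12.12.5", "10.12.12.40", "8.8.8.8"):
        print(ip, "original allows: %s, fixed allows: %s" % compare(ip))
    print("label-less pod selected:", pod_selected({"matchLabels": {"namespace": "default"}}, {"app": "web"}))
    print("any pod selected by {}:", pod_selected({}, {"app": "web"}))
```

The model reproduces the behaviour the answer describes: 10.12.12.5 is the only kind of address the original policy lets through, while the fixed policy allows 8.8.8.8 and 10.12.12.40 (outside the /27) but denies 10.12.12.5. Two checks worth running on a real cluster: confirm the policy's podSelector actually matches the workloads you mean (`kubectl get pods -n default --show-labels`), and confirm the cluster's CNI plugin enforces NetworkPolicy at all, since the API server accepts the object regardless of whether anything implements it.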