Can I block egress traffic to the internet from my namespace?
When creating a Cloud Platform environment namespace, by default the namespace allows egress traffic to the public internet. This is by design to allows users to quickly get started to launch their application to reach the internet.
If you have a requirement to block egress traffic from your namespace, you can append the following code to the networkpolicy.yaml file (replace your-namespace with the name of your namespace) This file is located in the root of your namespace directory.
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: block-egress
namespace: your-namespace
spec:
podSelector: {}
policyTypes:
- Egress
egress:
- {}
After applying this policy, egress traffic from all pods within the namespace will be blocked, while intra-namespace communication will still be allowed.
Breakdown of the above yaml:
- podSelector: {} selects all pods in the namespace.
- policyTypes: [Egress] specifies that the policy applies only to egress traffic.
- egress: [{}] specifies that all egress traffic is denied.