Skip to main content

Can I block egress traffic to the internet from my namespace?

When creating a Cloud Platform environment namespace, by default the namespace allows egress traffic to the public internet. This is by design to allows users to quickly get started to launch their application to reach the internet.

If you have a requirement to block egress traffic from your namespace, you can append the following code to the networkpolicty.yaml file (replace your-namespace with the name of your namespace) This file is located in the root of your namespace directory.

kind: NetworkPolicy
  name: block-egress
  namespace: your-namespace
  podSelector: {}
  - Egress
  - {}

After applying this policy, egress traffic from all pods within the namespace will be blocked, while intra-namespace communication will still be allowed.

Breakdown of the above yaml: - podSelector: {} selects all pods in the namespace. - policyTypes: [Egress] specifies that the policy applies only to egress traffic. - egress: [{}] specifies that all egress traffic is denied.

This page was last reviewed on 28 March 2024. It needs to be reviewed again on 28 September 2024 by the page owner #cloud-platform .
This page was set to be reviewed before 28 September 2024 by the page owner #cloud-platform. This might mean the content is out of date.