Skip to main content

Can I block egress traffic to the internet from my namespace?

When creating a Cloud Platform environment namespace, by default the namespace allows egress traffic to the public internet. This is by design to allows users to quickly get started to launch their application to reach the internet.

If you have a requirement to block egress traffic from your namespace, you can append the following code to the networkpolicy.yaml file (replace your-namespace with the name of your namespace) This file is located in the root of your namespace directory.

---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: block-egress
  namespace: your-namespace
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - {}

After applying this policy, egress traffic from all pods within the namespace will be blocked, while intra-namespace communication will still be allowed.

Breakdown of the above yaml: - podSelector: {} selects all pods in the namespace. - policyTypes: [Egress] specifies that the policy applies only to egress traffic. - egress: [{}] specifies that all egress traffic is denied.

This page was last reviewed on 2 October 2024. It needs to be reviewed again on 2 April 2025 by the page owner #cloud-platform .
This page was set to be reviewed before 2 April 2025 by the page owner #cloud-platform. This might mean the content is out of date.