Can I use Egress type NetworkPolicy to block certain CIDR ranges but allow all other egress traffic? Thanks in advance!
Short Answer: K8s Network Policy Deny policy is not available today on Kubernetes; however, there are alternatives (Cilium or Calico APIs).
Detailed answer:
Reference in K8s Net Policy Docs: Limitations: The ability to explicitly deny policies (currently the model for NetworkPolicies are deny by default, with only the ability to add allow rules). Alternatives to K8s Network policy could be:
a). Using Deny with Calico Network Policy - Use external IPs or networks rules in policy (Cons: Proprietary APIs, may require license)
b). Using Deny with Cilium Networking Policy - Layer 3 Examples — Cilium 1.11.2 documentation (requires installation of Cilium CNI)
NB: If you are running on managed K8s clusters like GKE, you can use Dataplane v2, which is based on Cilium. For EKS or AKS, follow the Cilium docs; however, in this case the CNI will not be managed.
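An added example, not part of the answer above and not taken from the Kubernetes or Calico documentation: two ways to express "allow all egress except certain CIDRs". The first stays inside the allow-only model of the standard NetworkPolicy by using `ipBlock.except`; the second uses an explicit `Deny` rule in a Calico NetworkPolicy. The namespace, labels, policy names and CIDR ranges are constructed for illustration.

```yaml
# Option 1: standard Kubernetes NetworkPolicy (allow rules only).
# Allows egress to every IPv4 address except the listed ranges.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-allow-all-except      # constructed name
  namespace: demo                    # constructed namespace
spec:
  podSelector:
    matchLabels:
      app: demo                      # constructed label
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:                  # each entry must lie inside `cidr`
              - 203.0.113.0/24       # constructed blocked range
              - 198.51.100.0/24      # constructed blocked range
      # No `ports` key: all ports and protocols are allowed to the
      # remaining addresses. IPv6 is not covered by this rule.
---
# Option 2: Calico NetworkPolicy with an explicit Deny rule.
# Requires Calico as the CNI; applied with calicoctl or through the
# Calico API server. Rules are evaluated in order.
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: egress-deny-cidrs            # constructed name
  namespace: demo
spec:
  selector: app == 'demo'
  types:
    - Egress
  egress:
    - action: Deny
      destination:
        nets:
          - 203.0.113.0/24
          - 198.51.100.0/24
    # Without this trailing Allow, all other egress from the selected
    # pods would be dropped once the policy applies to them.
    - action: Allow
```

Standard NetworkPolicies are additive, so with option 1 any other policy that selects the same pods and allows egress to an excluded range reopens it; check for overlapping policies in the namespace with `kubectl get networkpolicy -n demo`.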
Hi, @linixtest
You can explore network policies from the link below: -