How to allow access to kubernetes api using egress network policy?

后端 未结 3 1497
花落未央
花落未央 2021-02-13 14:36

Init container with kubectl get pod command is used to get ready status of other pod.

After Egress NetworkPolicy was turned on init container can\'t access

3条回答
  •  北荒
    北荒 (楼主)
    2021-02-13 15:19

    Update: Try Dave McNeill's answer first.

    If it does not work for you (it did for me!), the following might be a workaround:

      podSelector:
        matchLabels:
          white: listed
      egress:
        - to:
            - ipBlock:
                cidr: 0.0.0.0/0
    

    This will allow accessing the API server - along with all other IP addresses on the internet :-/

    You can combine this with the DENY all non-whitelisted traffic from a namespace rule to deny egress for all other pods.

提交回复
热议问题