Page cover

Create Guard to Allow Egress with IP/CIDR

Create guard to allow egress with IP/CIDR is used to create a CloudekaGuard that will allow outbound traffic (egress) from pods with certain labels to the specified IP address or IP range (CIDR). Using this script, you can control outbound access from pods labeled app:client-default in the ns1 namespace to permitted IP addresses or IP ranges, and even exclude certain sub-chains from larger IP ranges. This helps limit access to unwanted resources and improves security. You can first run the following syntax to create a YAML file with the name allow-egress-with-cidr.

nano allow-egress-with-cidr.yaml

Copy and paste the following YAML contents.

apiVersion: tenants.cloudeka.ai/v1alpha2
kind: CloudekaGuard
metadata:
  name: allow-egress-with-port
  namespace: ns1
spec:
  endpointSelector:
    matchLabels:
      app: client-default
  egress:
  - fromCIDR:
    - 192.168.1.100/32
  - fromCIDRSet:
    - cidr: 192.168.0.0/16
      except:
      - 192.168.1.0/24

After pasting the syntax, save the file by pressing Ctrl + O, then press the Enter key and exit the editor by pressing Ctrl + X. The next step is to apply for the Cloudeka Guard.

kubectl apply -f allow-egress-with-cidr.yaml

Last updated