Ctrlk
Page cover
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Create Guard to Deny All Egress

Create guard to deny all egress is used to create a Cloudeka Guard that will reject all outgoing traffic (egress) from pods with certain labels. By using this syntax, you can ensure that pods labeled app:client-default in the default namespace cannot access resources or services outside that namespace, unless explicitly allowed. You can first run the following syntax to create a YAML file with the name deny-all-egress.

nano deny-all-egress.yaml

Copy and paste the following YAML contents.

apiVersion: tenants.cloudeka.ai/v1alpha2
kind: CloudekaGuard
metadata:
  name: deny-all-egress
  namespace: default
spec:
  endpointSelector:
    matchLabels:
      app: client-default
  egress:
  - {}

After pasting the syntax, save the file by pressing Ctrl + O, then press the Enter key and exit the editor by pressing Ctrl + X. The next step is to apply Cloudeka Guard.

kubectl apply -f deny-all-egress.yaml

Last updated