Create Guard to Deny All Egress

Create guard to deny all egress is used to create a Cloudeka Guard that will reject all outgoing traffic (egress) from pods with certain labels. By using this syntax, you can ensure that pods labeled app:client-default in the default namespace cannot access resources or services outside that namespace, unless explicitly allowed. You can first run the following syntax to create a YAML file with the name deny-all-egress.

nano deny-all-egress.yaml

Copy and paste the following YAML contents.

apiVersion: tenants.cloudeka.ai/v1alpha2
kind: CloudekaGuard
metadata:
  name: deny-all-egress
  namespace: default
spec:
  endpointSelector:
    matchLabels:
      app: client-default
  egress:
  - {}

After pasting the syntax, save the file by pressing Ctrl + O, then press the Enter key and exit the editor by pressing Ctrl + X. The next step is to apply Cloudeka Guard.

kubectl apply -f deny-all-egress.yaml

Last updated 1 year ago