I have a service that I want to be able to access the internet and no other pods. However, ALL egress rules seem to block all egress.
# No NetworkPolicies
kubectl -n mytestnamespace exec service-c-78f784b475-qsdqg -- bin/bash -c 'curl www.google.com'
With no NetworkPolicy my pod can access the internet. Next I make a NetworkPolicy that allows egress to all IP-addresses.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all
  namespace: mytestnamespace
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
But now curl can no longer access the internet, but WHY??????
With NetworkPolicies allowing Egress to all IPs!
kubectl -n mytestnamespace exec service-c-78f784b475-qsdqg -- bin/bash -c 'curl www.google.com'
Why does this NetworkPolicy block all egress? Makes no sense!
It turns out that despite opening up to all IP-addresses, the NetworkPolicy does not allow egress to the DNS pod, which is in another namespace.
Next I add the dns label to the egress policy:
I apply the network policy and test the curl calls:
SUCCESS! Now I can make egress calls, next I just have to block the appropriate IP-addresses in the private network.
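
A policy of the kind described above, as an added example that is not the original poster's manifest: one rule allows DNS to the cluster DNS pods, and a second allows every other destination except private ranges. The `k8s-app: kube-dns` label, the `kube-system` namespace, the policy name and the excluded CIDRs are assumptions to check against your own cluster.

```yaml
# Added example, not the original poster's policy.
# Assumptions: cluster DNS pods run in kube-system with the label
# k8s-app=kube-dns, and the namespace carries the automatic
# kubernetes.io/metadata.name label.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-internet-and-dns   # hypothetical name
  namespace: mytestnamespace
spec:
  podSelector: {}                # applies to every pod in the namespace
  policyTypes:
    - Egress
  egress:
    # Rule 1: name resolution, limited to the cluster DNS pods on port 53.
    # namespaceSelector and podSelector share one list item, so both must match.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Rule 2: any destination except private address space, so other pods
    # and internal services stay unreachable. The RFC 1918 ranges are an
    # assumption; substitute the cluster's actual pod and service CIDRs.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 10.0.0.0/8
              - 172.16.0.0/12
              - 192.168.0.0/16
```

`kubectl -n kube-system get pods --show-labels` shows which label the DNS pods actually carry before the selector is relied on.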