Kubernetes Network Policy: Control Outbound Traffic to Specific APIs

Real-World Use Case: Controlling outbound traffic from your client pods by limiting their connections to specific APIs ensures that your pods are not sending data to unauthorized or malicious destinations.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-external-api
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: client
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: <nginx-pod-ip>/32  # replace with the Nginx pod's IP once it is running (see the pod creation commands below)
    ports:
    - protocol: TCP
      port: 80

Testing the Policy:

Deploy a client pod:
kubectl run client --image=busybox --restart=Never --labels=app=client -- sleep 3600

Deploy an Nginx pod (pod names must be lowercase DNS labels, so `Nginx-pod` would be rejected):
kubectl run nginx-pod --image=nginx

Access the client pod and try to connect to the Nginx pod:
kubectl exec -it client -- sh
wget -qO- http://<nginx-pod-ip>

Expected Result: The request to the Nginx pod IP should succeed, and every other outbound connection from the client pod should fail, including DNS lookups, because the policy allows only TCP port 80 to that single address (which is why the test connects by IP rather than by name).
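The whole procedure above as one script, added here as an example and not taken from the original page: it reads the Nginx pod's real IP instead of hand-editing the manifest, applies the rendered policy, and checks one allowed connection and one denied one. It assumes kubectl access to a cluster whose CNI plugin enforces NetworkPolicy; the IP used in the test is constructed.

```shell
# Added example, not from the original page: render the allow-external-api policy
# from the Nginx pod's real IP, apply it, then verify one allowed and one denied
# connection. Assumes kubectl access and a CNI plugin that enforces NetworkPolicy.
set -eu
# Emit the page's egress policy with the given destination IP and TCP port.
render_policy() {  # $1 = pod IP, $2 = port
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-external-api
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: client
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: $1/32
    ports:
    - protocol: TCP
      port: $2
EOF
}
# Wait until a pod is Ready and print its IP.
pod_ip() {
  kubectl wait --for=condition=Ready "pod/$1" --timeout=90s >/dev/null
  kubectl get pod "$1" -o jsonpath='{.status.podIP}'
}
main() {
  kubectl run nginx-pod --image=nginx
  kubectl run client --image=busybox --restart=Never --labels=app=client -- sleep 3600
  ip=$(pod_ip nginx-pod); pod_ip client >/dev/null
  render_policy "$ip" 80 | kubectl apply -f -
  # Allowed: HTTP to the Nginx pod IP on port 80 (set -e aborts the script if it fails).
  kubectl exec client -- wget -qO- -T 5 "http://$ip" >/dev/null
  echo "allowed: $ip:80 reachable"
  # Denied: nothing else is permitted, not even DNS, so a lookup must time out.
  if kubectl exec client -- nslookup kubernetes.default >/dev/null 2>&1; then
    echo "UNEXPECTED: DNS egress was allowed"; exit 1
  fi
  echo "denied: DNS lookup blocked as expected"
}
# Cluster steps run only when invoked as: sh <this-script> run
if [ "${1:-}" = "run" ]; then main; fi
```

Without the `run` argument the script only defines the functions, so `render_policy 10.0.0.1 80` can be used on its own to preview the manifest before touching a cluster.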

Deleting Pods and Network Policy:

kubectl delete pod client
kubectl delete pod nginx-pod
kubectl delete networkpolicy allow-external-api -n default