We’re doing the same thing here but on egress traffic. The following NetworkPolicy definition will deny all outgoing traffic unless allowed by another rule:
git clone https://github.com/collabnix/kubelabs.git
cd kubelabs/Network_Policies101/
kubectl apply -f default-deny-egress.yaml
We can see that this is the case by switching over to our “access” pod in the namespace and attempting to wget google.com.
kubectl run --generator=run-pod/v1 --namespace=network-policy-demo access --rm -ti --image busybox /bin/sh
wget -q --timeout=5 google.com -O -
[node1 ~]$ kubectl run --generator=run-pod/v1 --namespace=network-policy-demo access --rm -ti --image busybox /bin/sh
If you don't see a command prompt, try pressing enter.
/ # wget -q --timeout=5 google.com -O -
wget: bad address 'google.com'
/ #