bryopsida / oci-wireguard

A multi-arch alpine based container image for wireguard
MIT License

Give access only to specific services in Kubernetes #37

Open vhartmannselfee opened 1 month ago

vhartmannselfee commented 1 month ago

Hello,

I have several clients with WireGuard connections to a Kubernetes cluster.

For some of the clients, I would like to give access only to specific services in Kubernetes. How can I achieve it?

Thanks for your work,

Best,

bryopsida commented 1 month ago

You might be able to use a network policy to accomplish what you want.

If you use Cilium and have Hubble enabled (https://github.com/cilium/hubble), you can observe the traffic flows along with IP addresses and labels and decide on an appropriate network policy.

bryopsida commented 1 month ago

You might also be able to do it with iptables rules using the PostUp and PostDown hooks in the wg0.conf file, assuming the clients are assigned consistent IP addresses.

https://linux.die.net/man/8/iptables
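
The PostUp/PostDown approach from the comment above, as an added example that is not part of the thread or the project's own configuration. It assumes wg-quick processes wg0.conf and that iptables is available in the container; the tunnel subnet, the peer address 10.8.0.10, the Service ClusterIP 10.96.12.34 and the cluster DNS address 10.96.0.10 are constructed placeholders, as are the key values.

```ini
# wg0.conf (server side). All addresses and keys are constructed placeholders.
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>

# Put the per-client rules in a dedicated chain so PostDown can remove
# them completely, and evaluate it before any other FORWARD rule.
# wg-quick replaces %i with the interface name (wg0).
PostUp = iptables -N WG-RESTRICT
PostUp = iptables -I FORWARD 1 -i %i -j WG-RESTRICT

# Restricted client 10.8.0.10: one Service ClusterIP on TCP 443 ...
PostUp = iptables -A WG-RESTRICT -s 10.8.0.10 -d 10.96.12.34 -p tcp --dport 443 -j ACCEPT
# ... plus cluster DNS so the Service name resolves (omit if not needed) ...
PostUp = iptables -A WG-RESTRICT -s 10.8.0.10 -d 10.96.0.10 -p udp --dport 53 -j ACCEPT
PostUp = iptables -A WG-RESTRICT -s 10.8.0.10 -d 10.96.0.10 -p tcp --dport 53 -j ACCEPT
# ... and nothing else. Sources without a rule here fall through to the
# rest of the FORWARD chain unchanged.
PostUp = iptables -A WG-RESTRICT -s 10.8.0.10 -j DROP

# Tear down in reverse: unhook, flush, delete.
PostDown = iptables -D FORWARD -i %i -j WG-RESTRICT
PostDown = iptables -F WG-RESTRICT
PostDown = iptables -X WG-RESTRICT

[Peer]
# AllowedIPs pins this peer to a single tunnel address: WireGuard drops
# packets from this key that carry any other source IP, which is what
# makes the source-based rules above reliable.
PublicKey = <restricted-client-public-key>
AllowedIPs = 10.8.0.10/32

[Peer]
# Unrestricted client: no entry in WG-RESTRICT.
PublicKey = <other-client-public-key>
AllowedIPs = 10.8.0.11/32

# These rules cover IPv4 only. If the tunnel also carries IPv6, the same
# chain is needed with ip6tables.
```

Once the interface is up, `iptables -L WG-RESTRICT -v -n` shows per-rule packet counters, which confirms that the restricted client's traffic is hitting the intended ACCEPT and DROP rules. The rules match on the Service's ClusterIP, so they need updating if the Service is recreated with a different address.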