Closed srinicrick65 closed 3 years ago
Guys, I was able to fix this issue, as it was an issue with the NetworkPolicy "egress-operator-public-egress", which was blocking the egress calls from the Monzo Egress gateway service. I am now allowing all the egress calls which go through the Monzo Egress gateway, and to block the other domain calls I am applying a deny-all network policy.
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.k8s.io/v1","kind":"NetworkPolicy","metadata":{"annotations":{},"name":"egress-operator-public-egress","namespace":"egress-operator-system"},"spec":{"egress":
  creationTimestamp: "2021-08-30T19:14:24Z"
  generation: 2
  name: egress-operator-public-egress
  namespace: egress-operator-system
  resourceVersion: "12218"
  uid: 26fc1787-1cc7-46ab-9f29-bfd2612f7160
spec:
  egress:
  - {}
  podSelector:
    matchLabels:
      app: egress-gateway
  policyTypes:
  - Ingress
  - Egress
```
Default Deny All for all the other domains to be blocked:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-external-egress
  namespace: edge-system
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        # ensure your internal IP range is allowed here
        # traffic to external IPs will not be allowed from this namespace.
        # therefore, pods will have to use egress gateways
        cidr: 172.0.0.0/8 #(update your CIDR here )
```
This issue is fixed
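How the two policies posted above combine, as an added example that is not part of the original comment or of the egress-operator project: a small Python model of NetworkPolicy egress evaluation, restricted to `ipBlock` peers, plus a check of which part of an allowed CIDR lies outside the RFC 1918 private ranges. The policy dicts, pod labels and destination addresses are constructed for illustration.

```python
import ipaddress

# Constructed from the two policies above (both list Egress); only egress fields kept.
POLICIES = [
    {"namespace": "egress-operator-system", "podSelector": {"app": "egress-gateway"},
     "egress": [{}]},  # empty rule: any destination
    {"namespace": "edge-system", "podSelector": {},  # {} selects every pod
     "egress": [{"to": [{"ipBlock": {"cidr": "172.0.0.0/8"}}]}]},
]
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]  # RFC 1918

def selects(policy, namespace, labels):
    """True if the policy applies to a pod with these labels in this namespace."""
    return policy["namespace"] == namespace and all(
        labels.get(k) == v for k, v in policy["podSelector"].items())

def rule_allows(rule, dest):
    """One egress rule; a rule with no 'to' list matches every destination."""
    if not rule.get("to"):
        return True
    for peer in rule["to"]:
        block = peer.get("ipBlock")  # selector peers are not modelled here
        if block and dest in ipaddress.ip_network(block["cidr"]):
            if not any(dest in ipaddress.ip_network(c) for c in block.get("except", [])):
                return True
    return False

def egress_allowed(policies, namespace, labels, dest_ip):
    """Policies are additive: allowed if no policy selects the pod or any rule matches."""
    dest = ipaddress.ip_address(dest_ip)
    applicable = [p for p in policies if selects(p, namespace, labels)]
    return not applicable or any(
        rule_allows(r, dest) for p in applicable for r in p["egress"])

def public_part(cidr):
    """Sub-ranges of cidr that fall outside the RFC 1918 private blocks."""
    nets = [ipaddress.ip_network(cidr)]
    for priv in map(ipaddress.ip_network, PRIVATE):
        kept = []
        for n in nets:
            if priv.subnet_of(n):
                kept.extend(n.address_exclude(priv))
            elif not n.subnet_of(priv):
                kept.append(n)
        nets = kept
    return sorted(nets)

if __name__ == "__main__":
    print(egress_allowed(POLICIES, "edge-system", {"app": "web"}, "203.0.113.10"))
    print([str(n) for n in public_part("172.0.0.0/8")])
```

For the `172.0.0.0/8` placeholder, `public_part` returns four non-private ranges, so pods in `edge-system` could still reach those addresses directly until the CIDR is replaced with the cluster's real internal range.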
Hi, when I install Calico as the CNI plugin for the Kubernetes k3s distribution and try curl on the domain which has to go through the egress gateway, I am getting an SSL issue. I am not sure what the issue is, but I can see that the call is redirecting to the egress service. But when I do not have the Calico CNI it works fine. Can someone help with this?
Requirement
- curl 7.52.1
- OpenSSL 1.1.0l 10 Sep 2019 (Library: OpenSSL 1.1.0j 20 Nov 2018)
- K3S_VERSION=v1.21.1+k3s1
- Calico as CNI
root@nginx:/# curl https://github.com -v
externalServicegit.yaml
testPod.yaml