Skip to content

Commit e71a719

Browse files
r4j4hr4j4h
authored
Update "Preventing Outbound access" section with new NetworkPolicy egress details
* Updated Calico docs to actually point people to calicoctl instructions * Added paragraph describing current transition state of NetworkPolicy re: egress and links to follow further * Added links to Calico docs for using only kubectl and official Kube docs now that egress support changes were merged in to them
1 parent ba2dc92 commit e71a719

File tree

1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

calico/readme.adoc

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -385,4 +385,9 @@ Remove all the resources and the namespace using the command:
385385

386386
=== Preventing Outbound access
387387

388-
The Kubernetes Network Policies allow you to isolate inbound traffic only. To filter outbound traffic, you need to configure Calico directly using the `calicoctl` tool. Refer to the section https://docs.projectcalico.org/v2.6/getting-started/kubernetes/tutorials/advanced-policy[Prevent outgoing connections from pods] for further information.
388+
NetworkPolicy resources in Kubernetes versions prior to 1.8 allow you to isolate inbound traffic only. To filter outbound traffic, you need to configure Calico directly using the `calicoctl` tool. Refer to the section https://docs.projectcalico.org/v2.5/getting-started/kubernetes/tutorials/advanced-policy[Prevent outgoing connections from pods] for further information.
389+
390+
Kubernetes is an evolving project and for Kubernetes versions 1.8 and newer NetworkPolicy is growing to support egress traffic, so users of Kubernetes 1.8+ should refer to the section https://docs.projectcalico.org/v2.6/getting-started/kubernetes/tutorials/advanced-policy[Prevent outgoing connections from pods], which the same section as above but in the newer Calico version's docs updated for this upgrade and allows only using `kubectl`.
391+
392+
The https://kubernetes.io/docs/concepts/services-networking/network-policies/[Kubernetes official Network Policies Concepts Documentation] contains more information and examples around the egress support. Currently these changes are in beta state, with 1.10 the goal for general availability. Work towards completing egress support for NetworkPolicy can be tracked at https://github.com/kubernetes/features/issues/366[Kubernetes/Features: GA Egress support for Network Policy] and https://github.com/kubernetes/kubernetes/issues/22469[Kubernetes/Kubernetes: Kubernetes Network Policy].
393+

0 commit comments

Comments
 (0)