Block egress traffic with Cilium network plugin

Introduction
I described the problem of testing software during an unexpected loss of connection or denial of an external service, but in that post I said that there is no way to interrupt a TCP connection with a Kubernetes Network Policy. I was wrong; there is a way to do so. I had just used another k8s network plugin where interruption of a live TCP connection didn't work. But I found a solution and a name for it: Cilium Network Policy.
Cilium Network Policy
Cilium is another network plugin for Kubernetes. It must be installed before it can be used, and it makes it possible to achieve my target: block traffic to one pod and terminate existing TCP connections.
I created a PoC project to test Cilium Network Policy, which can be accessed at GitHub.
A network policy which blocks all traffic from a pod looks like this:
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: deny-server-egress
  namespace: server
spec:
  # Pods this policy applies to
  endpointSelector:
    matchLabels:
      app: server
      name: server
  # Empty rule: selects the pod for egress enforcement without allowing any destination
  egress:
    - {}
It is the same as the network policy from my previous post, with only "apiVersion" and "kind" changed.
Pod logs after traffic is blocked
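Added example, not from the original post or its PoC repository: a shell wrapper that applies the same deny-all-egress policy for a limited time and always removes it afterwards, so a connection-loss test cannot leave the pod cut off. It generalizes the policy to any namespace and `app` label; the function names, the single-label selector, and a `kubectl` context pointing at a Cilium-enabled cluster are assumptions of this example.

```shell
#!/bin/sh
# Added example: time-limited egress cut using the policy shape from the post.
# Assumptions: kubectl targets a cluster running Cilium; all names are hypothetical.

# Print a deny-all-egress policy for pods labelled app=$2 in namespace $1.
render_policy() {
  cat <<EOF
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: deny-$2-egress
  namespace: $1
spec:
  endpointSelector:
    matchLabels:
      app: $2
  egress:
    - {}
EOF
}

# Values are interpolated into YAML, so accept only lowercase DNS-label syntax.
valid_name() {
  case "$1" in
    ''|*[!a-z0-9-]*|-*|*-) return 1 ;;
    *) return 0 ;;
  esac
}

# Apply the policy, hold it for $3 seconds, and remove it on any exit path.
block_egress() {
  ns=$1 app=$2 secs=$3
  valid_name "$ns" && valid_name "$app" || { echo "invalid name" >&2; return 2; }
  case "$secs" in ''|*[!0-9]*) echo "invalid duration" >&2; return 2 ;; esac
  trap 'kubectl delete ciliumnetworkpolicy "deny-$app-egress" -n "$ns" --ignore-not-found' EXIT
  trap 'exit 1' INT TERM
  render_policy "$ns" "$app" | kubectl apply -f - || return 1
  sleep "$secs"
}

# Runs only with three arguments, e.g.: sh block-egress.sh server server 30
if [ "$#" -eq 3 ]; then block_egress "$@"; fi
```
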
Conclusions
In conclusion, I want to say that when solving a software problem I should try harder to use already existing solutions rather than implement my own, which I like too much. Modern search technologies, like ChatGPT or Google, give me the possibility to find other ways to achieve my target with a sophisticated solution, without recreating the system architecture again.