I'm looking for a simple way to control access to my external hardware by blocking traffic on certain ports. Unfortunately, I can't use network policies, and my access to networking tools on the hardware is quite limited. Is it possible to define a Service in Kubernetes to intercept traffic directed at a specific IP and port and implement network controls there? Would this be considered an anti-pattern in Kubernetes?
5 Answers
If you need to handle an Ingress resource for something outside your cluster, setting up an EndpointSlice and Service for it can be a great method. You should be capable of doing network policies to manage that setup.
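As an added illustration of this answer (constructed here, not from the answer's author), below is a selector-less Service with a hand-maintained EndpointSlice pointing at the external device, plus a NetworkPolicy that limits which pods may reach it and on which port. It assumes the device is at 192.0.2.10 (a documentation address) on TCP 8080, that everything lives in the default namespace, and that the cluster's CNI actually enforces egress NetworkPolicy; the Service itself only provides a stable name and virtual IP, it enforces nothing.

```yaml
# Added example (not from the thread). Assumed: device at 192.0.2.10, port 8080.
apiVersion: v1
kind: Service
metadata:
  name: external-hw
spec:
  ports:            # no selector: endpoints are managed by hand below
    - name: http
      protocol: TCP
      port: 8080
---
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
  name: external-hw-1
  labels:
    kubernetes.io/service-name: external-hw   # links this slice to the Service
addressType: IPv4
ports:
  - name: http
    protocol: TCP
    port: 8080
endpoints:
  - addresses: ["192.0.2.10"]
---
# Only pods labelled role=hw-client may reach the device, and only on 8080.
# The endpoint is not a pod, so the rule uses ipBlock, not podSelector.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: restrict-external-hw
spec:
  podSelector:
    matchLabels:
      role: hw-client
  policyTypes: [Egress]
  egress:
    - to:
        - ipBlock: {cidr: 192.0.2.10/32}
      ports:
        - {protocol: TCP, port: 8080}
    - to:                      # allow DNS so clients can resolve the Service name
        - namespaceSelector: {}
          podSelector:
            matchLabels: {k8s-app: kube-dns}
      ports:
        - {protocol: UDP, port: 53}
```

Pods without the role=hw-client label are unaffected by this policy, so add a default-deny egress policy for the namespace if they should also be kept away from the device.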
Depending on the Service Mesh and Gateway you’re using, you might be able to achieve this through Envoy. It's a powerful tool that can help manage and redirect traffic effectively.
Why can't you use network policies for your use case? They’re usually a solid choice for regulating traffic within Kubernetes.
What about pairing Kubernetes with WireGuard for your external hardware? It can simplify your setup quite a bit. For instance, you can configure it to allow certain IPs and ports while blocking others. Just an idea to explore!
You could technically proxy through a Service, but it might get messy and feel like you’re battling Kubernetes networking instead of utilizing it effectively. It might be better to set up a small proxy or gateway pod in front of it to control traffic. Also, check out the forum on Kubernetes networking—plenty of experts there who’ve probably experimented with similar setups!
