Block egress traffic with Cilium network plugin

Introduction
I described a problem of testing software during an unexpected loss of connection or denial of an external service, but in that post I said that there is no way to interrupt a TCP connection with a Kubernetes Network Policy. I was wrong; there is a way to do so. I had just used another k8s network plugin where interrupting a live TCP connection didn't work. But I found a solution and a name for it: Cilium Network Policy.
Cilium Network Policy
Cilium is another network plugin for Kubernetes. It has to be installed before its network policies can be used, and it makes it possible to achieve my target: block traffic to one pod and terminate existing TCP connections.
I created a PoC project to test Cilium Network Policy, which is available on GitHub.
A network policy which blocks all traffic from a pod looks like this:
```yaml
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: deny-server-egress
  namespace: server
spec:
  endpointSelector:
    matchLabels:
      app: server
      name: server
  egress:
    - {}
```
It is the same as the network policy from my previous post, with only "apiVersion" and "kind" changed.
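For the testing use case from the introduction, the policy only needs to be in force while a test runs and should be removed afterwards even if the test fails. The wrapper below is an added example, not code from the article's PoC project; it assumes `kubectl` is configured for the cluster, and the function names and the test script name in the usage comment are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: run a command while the article's deny-server-egress policy
# is in force, then always remove the policy so the pod's egress is restored.

# The policy from the article, unchanged.
deny_egress_manifest() {
  cat <<'EOF'
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: deny-server-egress
  namespace: server
spec:
  endpointSelector:
    matchLabels:
      app: server
      name: server
  egress:
    - {}
EOF
}

# Usage: with_egress_blocked <command> [args...]
# Returns the exit status of <command>, or 2 if the policy could not be
# applied or removed.
with_egress_blocked() {
  local rc=0
  if ! deny_egress_manifest | kubectl apply -f - >/dev/null; then
    echo "could not apply deny-server-egress" >&2
    return 2
  fi
  # Run the test command; keep its status without aborting under `set -e`.
  "$@" || rc=$?
  # Cleanup runs whether the command passed or failed.
  kubectl delete ciliumnetworkpolicy deny-server-egress \
    --namespace server --ignore-not-found >/dev/null || rc=2
  return "$rc"
}

# Example (hypothetical test script name):
#   with_egress_blocked ./run-outage-tests.sh
```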
Pods logs after blocked traffic
Conclusions
In conclusion, I want to say that when solving a software problem I should try harder to use already existing solutions rather than implement my own, which I like too much. Modern search technologies, like ChatGPT or Google, give me the possibility to find other ways to achieve my target with a sophisticated solution, without recreating the system architecture again.
Resources
