Reputation: 886
I have a requirement where I'll deploy a pod and, when it comes up, I need to add some iptables rules inside the pod. At the same time, I need to add some iptables rules in the worker node on which the pod is running.
If I use the "hostNetwork" option for the pod, the iptables rules which I need to add in the pod will also get added to the worker node.
How can this be achieved, where the pod itself adds iptables rules inside the pod as well as in the worker node?
Upvotes: 5
Views: 5596
Reputation: 61661
Not recommended. ⛔
Basically, kube-proxy and the network overlay generally make heavy use of iptables to make things happen in Kubernetes. Adding your own iptables rules could work, but you would have to watch everything Kubernetes does and make sure anything you do doesn't conflict.
There is no specific tool that would help manage all of the iptables that Kubernetes creates along with the ones you create. This would only work at the node level. There isn't such a thing as adding iptables at the pod level.
You could use some of the networking objects like Network Policies to restrict traffic or if you are using Calico you can use a more advanced version of it.
Another option is just to have an external firewall that restricts some traffic to the nodes in your Kubernetes cluster.
✌️
Upvotes: 3
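As an added illustration of the Network Policy route the answer suggests (this is example configuration written here, not the answerer's or the Kubernetes project's own), the manifest below restricts a pod's traffic declaratively instead of running iptables inside the pod. The namespace `payments`, the labels `app: api` and `app: frontend`, and port 8080 are assumed names for the example; the `kube-system` namespace label and the `k8s-app: kube-dns` selector match the defaults in most clusters but should be checked against yours.

```yaml
# Added example: a NetworkPolicy instead of in-pod iptables rules.
# Assumed (hypothetical) names: namespace "payments", protected pods
# labelled app=api, allowed clients labelled app=frontend.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-frontend-only
  namespace: payments
spec:
  # Which pods the policy applies to.
  podSelector:
    matchLabels:
      app: api
  # Listing both types makes this a default-deny for ingress AND egress;
  # only the rules below are permitted.
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only pods labelled app=frontend in the same namespace may reach
    # the API, and only on TCP/8080 (assumed service port).
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8080
  egress:
    # Allow DNS to the cluster resolver in kube-system so the pod can
    # still resolve names; everything else outbound is dropped.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

Apply it with `kubectl apply -f` and confirm with `kubectl describe networkpolicy api-allow-frontend-only -n payments`. Note that the API server accepts a NetworkPolicy regardless of whether anything enforces it: the CNI plugin on the nodes (Calico, for example, as the answer mentions) has to support NetworkPolicy, and it is the plugin that translates the object into the node-level iptables or eBPF rules, which is exactly the conflict-free management the answer says you otherwise lack.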