Azure - AKS - Egress

What is Egress in Kubernetes?

Egress is the outbound traffic leaving a pod, node, or cluster and going to another destination.

Simply:

Ingress = Traffic coming INTO the cluster

Egress = Traffic going OUT OF the cluster 

 

Example of Egress

Suppose your application pod calls an external API:

Pod
 ↓
api.stripe.com 

or

Pod
 ↓
Azure Storage

or

Pod
 ↓
Database outside cluster

All of these are egress traffic.


Ingress vs Egress

Ingress

Traffic enters the cluster:

 User
 ↓
Ingress Controller
 ↓
Service
 ↓
Pod


Egress

Traffic leaves the cluster:

Pod
 ↓
Internet / Storage / API

 

AKS Egress Flow

Typical AKS architecture:

Pod
 ↓
Node
 ↓
Subnet
 ↓
NAT Gateway / Load Balancer SNAT
 ↓
Internet

 

Why Egress Matters

Security teams often ask:

"Which destinations can pods access?"

Without controls:

Pod
 ↓
Any Internet Address 

This may violate security policies.

 

How Egress is Controlled

1. Kubernetes Network Policies

Using Kubernetes Network Policies, you can restrict pod communications.

Example:

Frontend Pod
 ↓
Backend Pod

Allowed

Comments

Post a Comment

Popular posts from this blog

Azure Migrate

Image
 Azure Site Recovery an earlier tool for migration: Thought purpose built for Disaster Recovery ASR: Azure Site Recovery Yes — Azure Site Recovery (ASR) is commonly used as a migration tool , even though its primary purpose is disaster recovery. How ASR Is Used for Migration Organizations use ASR to perform: Lift-and-shift migrations VMware to Azure migrations Hyper-V to Azure migrations Physical server to Azure migrations ASR replicates workloads continuously from on-premises infrastructure to Azure. During the final cutover, the replicated VM is started in Azure with minimal downtime. Migration Workflow Using ASR Typical Flow Discover on-prem servers Enable replication Continuous data synchronization Test failover (optional) Planned failover/cutover Azure VM becomes production workload This approach minimizes: Downtime Data loss Manual rebuild effort Why ASR Is Popular for Migration ASR vs Azure Migrate Real-World Use Case Example: Company has 200 VMware VMs on-premises. The...
Read more

Azure -- All Networking Components

   1. Virtual Network (VNet) 📌 One-paragraph explanation A Virtual Network (VNet) is the core private networking space in Azure where all cloud resources communicate securely. It is used to isolate workloads, control IP ranges, and create a private environment similar to a traditional data center network but fully software-defined in the cloud. 🔍 Details Where used: Hosting VMs, AKS clusters, databases, internal services Connected services: VM, Load Balancer, Application Gateway, Azure Firewall, Private Endpoint Dependencies: None (foundation component) Purpose in architecture: Acts as the main “network boundary” for all resources 🧩 2. Subnet 📌 One-paragraph explanation A subnet is used to divide a VNet into smaller logical networks so that different layers of an application (web, app, database) can be separated and controlled independently for security and traffic management. 🔍 Details Where used: Tiered architectures (web/app/db layers), microse...
Read more

All Kuberneters - Components

  Kubernetes Core Resources Explained 1. Pods What It Is A Pod is the smallest deployable unit in Kubernetes. It contains one or more containers that share: Network Storage Lifecycle Used For Running application containers Grouping tightly coupled containers together Example A web application container running inside a pod. 2. Deployments What It Is A Deployment manages Pods and ReplicaSets. Used For Rolling updates Application version upgrades Scaling applications Self-healing applications Example Deploying 3 replicas of an NGINX application. 3. ReplicaSets What It Is A ReplicaSet ensures a specified number of pod replicas are always running. Used For High availability Maintaining desired pod count Example Keeping 5 backend pods running at all times. 4. DaemonSets What It Is A DaemonSet ensures one pod runs on every node (or selected nodes). Used For Monitoring agents Log collectors Security agents Example Running Fluentd or Prometheus Node Exporter on all nodes. 5. StatefulSets W...
Read more