About Egress

In general, traffic within a Space is unrestricted, but traffic that crosses the Space boundary is controlled through egress and ingress policy. Egress control is enabled at the ClusterGroup level by installing the egress.tanzu.vmware.com Capability package on the ClusterGroup.

After you install the egress.tanzu.vmware.com Capability, all Spaces on those clusters deny all egress traffic by default. To allow specific traffic to leave the Space, the Space must require the egress.tanzu.vmware.com Capability, and you must define an EgressPoint resource. The EgressPoint resource describes the network connections that are allowed to originate from within the Space and go to a destination outside of the Space. This is useful when an application must contact an external API, database, or other network service that is not within the Space. For instructions for creating an EgressPoint resource, see Manage Egress Rules.

If you want to allow all traffic to leave a Space, you can remove the egress.tanzu.vmware.com Capability and then add the Space to the modified ClusterGroup.
