Egress Policies

Egress policies control which external services and pods each MATIH service can communicate with. They prevent compromised pods from making unauthorized outbound connections and limit the blast radius of security incidents by restricting lateral movement within the cluster.

Egress Policy Pattern

Every service NetworkPolicy includes standard egress rules for DNS resolution plus service-specific dependencies:

egress:
  # Always allow DNS resolution
  - to:
      - namespaceSelector: {}
        podSelector:
          matchLabels:
            k8s-app: kube-dns
    ports:
      - protocol: UDP
        port: 53
      - protocol: TCP
        port: 53
 
  # Service-specific dependencies
  - to:
      - podSelector:
          matchLabels:
            app: postgresql
    ports:
      - protocol: TCP
        port: 5432

AI Service Egress Rules

The AI Service requires egress to multiple internal and external services:

Destination	Namespace	Port	Protocol	Purpose
kube-dns	kube-system	53	UDP/TCP	DNS resolution
Qdrant	matih-data-plane	6333, 6334	TCP	Vector search (HTTP + gRPC)
Redis	matih-data-plane	6379	TCP	Session cache
PostgreSQL	matih-data-plane	5432	TCP	Persistent storage
Kafka	matih-data-plane	9092	TCP	Event streaming
Query Engine	matih-data-plane	8080	TCP	SQL execution
Dgraph	matih-data-plane	8080, 9080	TCP	Context Graph
External LLM APIs	Internet	443	TCP	OpenAI, Anthropic

AI Service Egress Policy

egress:
  # DNS
  - to:
      - namespaceSelector: {}
        podSelector:
          matchLabels:
            k8s-app: kube-dns
    ports:
      - protocol: UDP
        port: 53
      - protocol: TCP
        port: 53
 
  # Qdrant vector store
  - to:
      - namespaceSelector:
          matchLabels:
            name: matih-data-plane
        podSelector:
          matchLabels:
            app.kubernetes.io/name: qdrant
    ports:
      - protocol: TCP
        port: 6333
      - protocol: TCP
        port: 6334
 
  # Redis
  - to:
      - namespaceSelector:
          matchLabels:
            name: matih-data-plane
        podSelector:
          matchLabels:
            app.kubernetes.io/name: redis
    ports:
      - protocol: TCP
        port: 6379
 
  # External HTTPS (LLM providers)
  - to:
      - ipBlock:
          cidr: 0.0.0.0/0
          except:
            - 10.0.0.0/8
            - 172.16.0.0/12
            - 192.168.0.0/16
    ports:
      - protocol: TCP
        port: 443

Service Egress Requirements

Service	Internal Dependencies	External Access
AI Service	PostgreSQL, Redis, Qdrant, Kafka, Query Engine, Dgraph	LLM APIs (HTTPS 443)
Query Engine	PostgreSQL, Trino, ClickHouse	None
ML Service	PostgreSQL, Redis, MLflow, Ray, Object Store	None
API Gateway	All backend services	None
Catalog Service	PostgreSQL, OpenMetadata	None

External Access Control

For services requiring internet access (AI Service for LLM APIs), egress is restricted to HTTPS only (port 443) with private IP ranges excluded:

- to:
    - ipBlock:
        cidr: 0.0.0.0/0
        except:
          - 10.0.0.0/8
          - 172.16.0.0/12
          - 192.168.0.0/16
  ports:
    - protocol: TCP
      port: 443

This allows outbound HTTPS to public endpoints while preventing use of the external egress rule for cluster-internal lateral movement.

Helm Values Configuration

Additional egress rules can be added through Helm values:

networkPolicy:
  enabled: true
  egress:
    - to:
        - podSelector:
            matchLabels:
              app: custom-dependency
      ports:
        - port: 8080

Troubleshooting

Issue	Symptom	Resolution
DNS failures	Name resolution errors	Ensure DNS egress rule is present
LLM API timeout	Cannot reach OpenAI/Anthropic	Verify HTTPS egress rule with ipBlock
Database connection refused	PostgreSQL connection failures	Check egress port and pod selector
Kafka connection error	Cannot produce/consume events	Verify Kafka pod label matching

Ingress Policies Tenant Isolation