I want to access Pod IPs from outside of the cluster.
First, I don’t know how to route to Pod IPs.
And I want to deny access to Pod IPs from outside of the cluster by default.
Only a specific IP pool should be made accessible.
I am using Calico and eBGP.
How do I advertise a specific Pod IP pool?
Calico advertises pod IPs over BGP, so you need to peer Calico’s BGP, directly or indirectly, with all of the routers between the cluster and the places that you want to access from. Then those places will know how to route to pod IPs.
To restrict that to a specific IP pool, you can do it at the networking level, or at the policy level (or both).
By networking: configure import filters on your BGP routers, so that they only learn routes for the specific IP pool.
By policy: configure an ingress policy for all pods that:
- allows from the pod CIDR, regardless of destination
- allows from the cluster host CIDR, regardless of destination
- allows from anywhere if destination is in your specific IP pool
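
The policy option described in the answer above, written out as a Calico GlobalNetworkPolicy. This is an added example, not part of the original reply; the policy name and all three CIDRs are constructed placeholders to replace with your own values.

```yaml
# Added example. All CIDRs below are constructed placeholders:
#   10.244.0.0/16    assumed pod CIDR (covers every IP pool)
#   192.168.10.0/24  assumed cluster host (node) CIDR
#   10.244.128.0/20  assumed IP pool that may be reached from outside
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: restrict-external-pod-ingress   # hypothetical name
spec:
  # Apply to pods in every namespace (workload endpoints only).
  namespaceSelector: has(projectcalico.org/name)
  types:
  - Ingress
  ingress:
  # 1. Pod-to-pod traffic, regardless of destination.
  - action: Allow
    source:
      nets:
      - 10.244.0.0/16
  # 2. Traffic from cluster hosts (kubelet probes, SNATed node traffic),
  #    regardless of destination.
  - action: Allow
    source:
      nets:
      - 192.168.10.0/24
  # 3. Any source, but only when the destination pod is in the exposed pool.
  - action: Allow
    destination:
      nets:
      - 10.244.128.0/20
  # No further rules: ingress to a selected pod that matches none of the
  # rules above is dropped unless another policy allows it.
```

Apply it with `calicoctl apply -f` (or `kubectl apply -f` when the Calico API server is installed). Combining it with router-side import filters for the same pool gives both layers the answer mentions.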