I am wondering if egress policies can be set for external domains that are not part of the K8s namespace or K8s cluster. We have a usecase where we set the default policy of a namespace to deny all outgoing traffic and we then write egress and ingress rules for each application.
Some of these applications need access to the external domains. Are there policies that can be set to whitelist certain domains that are outside the cluster?
I am looking for something on the following lines
apiVersion: ""
kind:
metadata:
name: my-app-targets
spec:
targets:
- mydependency1.example.com:443
- mydependency2.example.com:443
- *.example.org:80Is this possible?
You can limit the egress IPs using network policies. But it isn't possible to declare egress DNS names.