Kubernetes selective egress

1/31/2018

I am wondering if egress policies can be set for external domains that are not part of the K8s namespace or K8s cluster. We have a use case where we set the default policy of a namespace to deny all outgoing traffic and we then write egress and ingress rules for each application.

Some of these applications need access to the external domains. Are there policies that can be set to whitelist certain domains that are outside the cluster?

I am looking for something along the following lines:

apiVersion: ""
kind: 
metadata:
   name: my-app-targets
spec:
   targets:
   - mydependency1.example.com:443
   - mydependency2.example.com:443
   - "*.example.org:80"

Is this possible?

-- user_mda
kubernetes
networking

1 Answer

2/1/2018

You can limit the egress IPs using network policies. But it isn't possible to declare egress DNS names.

-- Lukas Eichler
Source: StackOverflow