Firewalling/Limiting a Kubernetes pod's egress traffic

5/21/2019

I'm just curious what you guys are using to filter a pod's egress traffic on Kubernetes.

I'm running a K8s cluster on GKE and I'm already using (Calico) network policies to do firewalling on ingress and egress traffic.

Now I have a situation where we need to access an external API which is running "behind" Akamai's edge network. The connection to the API is made using a URL, and the DNS resolution changes from time to time. There is no fixed IP I can use in my network policy to allow access. It also doesn't seem to be a solution to use all of Akamai's IP networks as a policy destination: Akamai says the IP networks used can change several times a week, and therefore I would probably need to adjust the policy quite often.

So, I'm just wondering what a solution for this might look like? I've also stumbled upon transparent proxies using the iptables "tproxy" feature to redirect traffic, but I'm not sure if this is a general solution here. What about non-HTTP traffic, for example?

What are you guys using to deal with situations like this?

-- Mizaru
firewall
kubernetes
pod

1 Answer

5/21/2019

Probably write a daemon (an operator) that checks the DNS once a second or so and updates the network policy object. It depends on the impact of losing access for a few seconds while the system updates and how smoothly Akamai does updates.

-- coderanger
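The resolve-and-rewrite loop coderanger describes, as an added example that is not code from the post or from either participant. It resolves the API hostname, keeps every address seen within a grace window (so connections already open to an address that just left the DNS answer are not cut the instant the policy changes), and renders a standard Kubernetes NetworkPolicy (the API Calico enforces on GKE) only when the resulting allow-list differs from the current one. The pod label app=api-client, the namespace "default", the policy name, TCP/443 and the kube-system namespace label kubernetes.io/metadata.name are assumptions for illustration, not details from the page; the label is set automatically on Kubernetes 1.21+ and has to be added by hand on older clusters.

```python
"""Added example, not code from the StackOverflow post or its authors.

Reconciler in the spirit of coderanger's answer: resolve the API hostname, keep
every address seen within a grace window, and render a new NetworkPolicy only
when the allow-list changes.  Hypothetical assumptions (not from the page):
client pods are labelled app=api-client in namespace "default", the API listens
on TCP/443, and kube-system carries the kubernetes.io/metadata.name label
(automatic on Kubernetes 1.21+; older clusters must add it by hand).
"""
import ipaddress
import json
import socket
import sys
import time
from typing import Callable, Dict, Iterable, Optional, Set


def system_resolver(hostname: str) -> Set[str]:
    """All A/AAAA addresses the local stub resolver currently returns."""
    return {ipaddress.ip_address(ai[4][0]).compressed
            for ai in socket.getaddrinfo(hostname, None)}


def host_cidr(address: str) -> str:
    """203.0.113.10 -> 203.0.113.10/32, 2001:db8::7 -> 2001:db8::7/128."""
    ip = ipaddress.ip_address(address)
    return f"{ip.compressed}/{ip.max_prefixlen}"


def build_egress_policy(name: str, namespace: str, pod_labels: Dict[str, str],
                        addresses: Iterable[str], port: int) -> dict:
    """NetworkPolicy allowing egress only to `addresses` on `port`, plus DNS.
    With policyTypes [Egress] everything not listed is denied, so the rule
    permitting port 53 to kube-dns is what keeps name resolution working."""
    cidrs = sorted({host_cidr(a) for a in addresses})
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": name, "namespace": namespace},
        "spec": {
            "podSelector": {"matchLabels": dict(pod_labels)},
            "policyTypes": ["Egress"],
            "egress": [
                {"to": [{  # DNS to kube-dns in kube-system
                    "namespaceSelector": {"matchLabels": {
                        "kubernetes.io/metadata.name": "kube-system"}},
                    "podSelector": {"matchLabels": {"k8s-app": "kube-dns"}}}],
                 "ports": [{"protocol": "UDP", "port": 53},
                           {"protocol": "TCP", "port": 53}]},
                {"to": [{"ipBlock": {"cidr": c}} for c in cidrs],  # the API
                 "ports": [{"protocol": "TCP", "port": port}]},
            ],
        },
    }


def policy_cidrs(policy: Optional[dict]) -> Set[str]:
    """ipBlock CIDRs a policy currently allows (empty if no policy exists)."""
    if policy is None:
        return set()
    return {peer["ipBlock"]["cidr"] for rule in policy["spec"]["egress"]
            for peer in rule.get("to", []) if "ipBlock" in peer}


class EgressReconciler:
    """Resolve on every tick; emit a new policy only when the allow-list changes.
    Addresses that drop out of DNS stay allowed for grace_seconds so connections
    already open to them survive a rotation of the edge network."""

    def __init__(self, hostname: str,
                 resolver: Callable[[str], Set[str]] = system_resolver,
                 grace_seconds: float = 300.0,
                 clock: Callable[[], float] = time.monotonic, port: int = 443,
                 name: str = "allow-external-api", namespace: str = "default",
                 pod_labels: Optional[Dict[str, str]] = None):
        self.hostname, self.resolver, self.grace = hostname, resolver, grace_seconds
        self.clock, self.port, self.name, self.namespace = clock, port, name, namespace
        self.pod_labels = pod_labels or {"app": "api-client"}
        self.last_seen: Dict[str, float] = {}  # address -> last time DNS returned it

    def desired_addresses(self) -> Set[str]:
        now = self.clock()
        for addr in self.resolver(self.hostname):
            self.last_seen[addr] = now
        self.last_seen = {a: t for a, t in self.last_seen.items()
                          if now - t <= self.grace}
        return set(self.last_seen)

    def reconcile(self, current: Optional[dict]) -> Optional[dict]:
        """Return the policy to apply, or None when nothing changed."""
        addrs = self.desired_addresses()
        if {host_cidr(a) for a in addrs} == policy_cidrs(current):
            return None
        return build_egress_policy(self.name, self.namespace, self.pod_labels, addrs, self.port)


if __name__ == "__main__":
    # One-shot: python egress_policy.py api.example.test | kubectl apply -f -
    # A daemon would call reconcile() in a loop and push changes via the API.
    print(json.dumps(EgressReconciler(sys.argv[1]).reconcile(None), indent=2))
```

Two things to keep in mind before running this as an in-cluster controller: it must resolve through the same resolver the client pods use (a CDN can hand different answers to different resolvers, and an address the controller never saw is an address the pods cannot reach), and the grace window is a trade-off, since every address kept past its DNS lifetime widens the allow-list for that long. The controller's service account also needs RBAC permission to create and update networkpolicies in the target namespace.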
Source: StackOverflow