Is it possible to allow egress traffic by hostname?

1/12/2022

K8s network policies allow specifying CIDRs, but I'd like to specify DNS name.

On a high level I'd see it working the following way:

  • There's a whitelist of allowed hosts
  • k8s intercepts IP resolution requests and checks whether host is whitelisted
  • if yes, resolved IPs are temporarily added to network policy thus allowing for egress traffic

Is there any way to achieve this functionality?

-- Pavel Voronin
kubernetes
kubernetes-networkpolicy

1 Answer

1/12/2022

vpc-cni does not implement k8s network policies. You need to replace vpc-cni with one of the EKS-compatible CNIs of your choice that supports using FQDNs in the policy. Note that an upgrade may be required (e.g. Calico Enterprise) to have this feature.

-- gohm'c
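For reference, this is what a hostname-based egress policy looks like with a CNI that supports FQDN rules. It is an added example, not part of the original question or answer, and it uses Cilium's CiliumNetworkPolicy as the concrete CNI (Cilium is one EKS-compatible CNI with this feature; Calico Enterprise expresses the same idea with its own resource types). The pod label app: client, the hostnames and the ports are assumptions chosen for the example.

```yaml
# Added example (not from the original post): allow egress from pods labelled
# app: client only to named hosts, with everything else denied by this policy.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: egress-by-hostname
  namespace: default   # assumption: the client pods live in "default"
spec:
  endpointSelector:
    matchLabels:
      app: client      # assumption: label of the pods being restricted
  egress:
    # Rule 1: the pods must be allowed to reach cluster DNS, and the DNS
    # traffic is inspected (rules.dns) so the CNI can learn which IPs each
    # allowed name resolves to. Without this rule the FQDN rule below never
    # gets any IPs to match against and all egress is blocked.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s:k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchPattern: "*"
    # Rule 2: the actual allowlist of hostnames. The CNI adds the IPs seen in
    # DNS answers for these names to the allowed set and expires them with the
    # record TTL, which is the "temporarily added to the policy" behaviour the
    # question describes.
    - toFQDNs:
        - matchName: api.example.com        # assumption: exact host
        - matchPattern: "*.storage.example.net"  # assumption: wildcard
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
```

Two checks worth making after applying such a policy: confirm from inside a selected pod that a name on the list connects on 443 while one that is not listed times out, and confirm that a connection made directly to an IP the allowed host resolves to, without a preceding DNS lookup from that pod, is also blocked. The second check matters because the FQDN rule only matches IPs the CNI has observed in DNS responses for the pod; it does not turn the hostname into a static CIDR.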
Source: StackOverflow