K8s network policies allow specifying CIDRs, but I'd like to specify a DNS name.
At a high level I'd see it working the following way:
- There's a whitelist of allowed hosts
- k8s intercepts IP resolution requests and checks whether the host is whitelisted
- if yes, the resolved IPs are temporarily added to the network policy, thus allowing egress traffic
Is there any way to achieve this functionality?
CodePudding user response:
vpc-cni does not implement k8s network policies. You need to replace vpc-cni with one of the EKS-compatible CNIs of your choice here that supports using FQDNs in the policy. Note that an upgrade may be required (e.g. Calico Enterprise) to have this feature.
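As an added example that is not part of the question or the answer above: Cilium is one EKS-compatible CNI whose open-source `CiliumNetworkPolicy` supports FQDN-based egress via `toFQDNs`. Its DNS proxy observes the pod's lookups and allows egress only to the IPs that were returned for the listed names (for as long as their TTL), which is essentially the mechanism the question describes. The namespace `payments`, the label `app: checkout` and the domains `api.example.com` / `*.cdn.example.com` are placeholders chosen for this illustration.

```yaml
# Added example: CiliumNetworkPolicy allowing egress by DNS name.
# Namespace, labels and domains are placeholders, not from the original page.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-egress-by-fqdn
  namespace: payments
spec:
  endpointSelector:
    matchLabels:
      app: checkout
  egress:
    # 1. DNS to kube-dns must be allowed AND carry a `dns` rule, otherwise
    #    Cilium's DNS proxy never sees the resolution and toFQDNs stays empty.
    #    matchPattern "*" lets the pod look up any name; the toFQDNs rule
    #    below is what restricts where it may actually connect.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchPattern: "*"
    # 2. HTTPS only to IPs that were resolved for these names.
    - toFQDNs:
        - matchName: "api.example.com"
        - matchPattern: "*.cdn.example.com"
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
```

Two practitioner caveats: the allowlist only covers resolutions that pass through the CNI's DNS proxy, so a workload that resolves names some other way (for example DNS-over-HTTPS to an external resolver, or a hard-coded IP) gets no matching IPs and is simply blocked, which is the desired fail-closed behaviour; and because the rule is keyed on the answer the pod received, a domain you list is only as trustworthy as the DNS path that answered it, so pair this with a trusted in-cluster resolver rather than an arbitrary upstream. `cilium policy get` / `cilium fqdn cache list` on the node agent show which IPs are currently allowed for each name, which is the quickest way to check a policy is actually being populated.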
