Reputation: 19378
I am wondering if egress policies can be set for external domains that are not part of the K8s namespace or K8s cluster. We have a use case where we set the default policy of a namespace to deny all outgoing traffic and we then write egress and ingress rules for each application.
Some of these applications need access to the external domains. Are there policies that can be set to whitelist certain domains that are outside the cluster?
I am looking for something along the following lines:

    apiVersion: ""
    kind:
    metadata:
      name: my-app-targets
    spec:
      targets:
        - mydependency1.example.com:443
        - mydependency2.example.com:443
        - "*.example.org:80"
Is this possible?
Upvotes: 1
Views: 555
Reputation: 5903
You can limit the egress IPs using network policies. But it isn't possible to declare egress DNS names.
Upvotes: 1
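An added example, not part of the answer above, showing the IP-based approach it describes with standard `networking.k8s.io/v1` NetworkPolicy objects: a namespace-wide default-deny for egress plus a per-application allow-list. The namespace, the `app: my-app` label, the cluster DNS selector and all CIDRs (documentation ranges) are assumptions standing in for the addresses the external dependencies actually resolve to.

```yaml
# Default-deny egress for every pod in the namespace (namespace name is a placeholder).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress
  namespace: my-namespace
spec:
  podSelector: {}            # empty selector = all pods in the namespace
  policyTypes:
    - Egress                 # no egress rules listed, so all egress is denied
---
# Egress allow-list for one application, expressed as IP ranges, not DNS names.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: my-app-targets
  namespace: my-namespace
spec:
  podSelector:
    matchLabels:
      app: my-app            # assumed pod label
  policyTypes:
    - Egress
  egress:
    # Allow lookups against cluster DNS (assumed to run in kube-system as kube-dns).
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - { protocol: UDP, port: 53 }
        - { protocol: TCP, port: 53 }
    # Constructed addresses standing in for mydependency1/2.example.com on 443.
    - to:
        - ipBlock: { cidr: 203.0.113.10/32 }
        - ipBlock: { cidr: 203.0.113.11/32 }
      ports:
        - { protocol: TCP, port: 443 }
    # Constructed range standing in for the *.example.org hosts on 80.
    - to:
        - ipBlock: { cidr: 198.51.100.0/24 }
      ports:
        - { protocol: TCP, port: 80 }
```

These policies only take effect when the cluster's network plugin enforces NetworkPolicy, and the CIDRs have to be updated whenever the external services change addresses.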