kubernetes kubernetes-networkpolicy

Is it possible to allow egress traffic by hostname?


K8s network policies allow specifying CIDRs, but I'd like to specify a DNS name.

On a high level I'd see it working the following way:

Is there any way to achieve this functionality?


Solution

  • PREVIOUSLY: vpc-cni does not implement k8s network policies. You need to replace vpc-cni with one of the EKS-compatible CNIs of your choice here that supports using FQDNs in the policy. Note that an upgrade may be required (e.g. Calico Enterprise) to have this feature.

    UPDATE: VPC CNI now supports Kubernetes Network Policies.
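
To make the difference concrete, here is an added example (not part of the original answer) showing a standard Kubernetes NetworkPolicy, which can only match egress destinations by CIDR, next to a Calico Enterprise policy that matches by domain name. The namespace, labels, CIDR and domain are constructed placeholders, and tier or naming requirements for the Calico policy depend on the installed version.

```yaml
# (1) Standard Kubernetes NetworkPolicy: egress destinations are CIDRs only.
# 203.0.113.0/24 is a constructed documentation range, not a real service.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-by-cidr
  namespace: demo            # hypothetical namespace
spec:
  podSelector:
    matchLabels:
      app: client            # hypothetical label
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 203.0.113.0/24
    ports:
    - protocol: TCP
      port: 443
---
# (2) Calico Enterprise NetworkPolicy: egress destination matched by domain.
# The "domains" field is only valid in Allow rules for egress traffic.
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: egress-by-domain
  namespace: demo
spec:
  selector: app == 'client'
  types:
  - Egress
  egress:
  # The pods must still reach DNS, otherwise the names are never resolved
  # and the domain rule below can never match.
  - action: Allow
    protocol: UDP
    destination:
      ports: [53]
  - action: Allow
    protocol: TCP
    destination:
      domains:
      - api.example.com      # constructed name
      ports: [443]
```

Once any egress policy selects a pod, all egress not explicitly allowed is dropped, so the DNS rule in (2) is required rather than optional; tightening it to the cluster DNS service only is a reasonable next step.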