
How can I use the coredns acl plugin for domain-based access [blocking/allowing] of egress calls? As per my use case, I want to control the outgoing calls from my pod.
Something like this:

```
. {
    acl {
        allow net stackoverflow.com
        block net google.com
    }
}
```

Note: I see in my default pods that a coredns pod is already present with image: rancher/coredns-coredns:1.8.3. I understand that it comes by default with k3s.

PS: I have already explored Calico and other network policies, but they do not fulfill my requirement.

moonkotte
solveit
  • Most likely it won't help because `users are able to block or filter suspicious DNS queries by configuring IP filter rule sets`. 1 - it's about DNS queries only, 2 - I don't see anything about domain names in source, quote from URL you mentioned `SOURCE is the source IP address to match for the requests to be allowed or blocked. Typical CIDR notation and single IP address are supported. * stands for all possible source IP addresses.` – moonkotte Jul 05 '21 at 12:17
  • Ok. I am also exploring the last option: dns service https://serverfault.com/questions/1068401/domain-whitelisting-in-kubernetes-dns-service if it can provide the solution by modifying the manifest files. If you can confirm this too – solveit Jul 05 '21 at 12:42
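
The point quoted in the comments above, as an added example (not code from the post or from the CoreDNS project): a small Python model of how an `acl` rule's `net SOURCE` field is matched against the client address. First-match ordering and allow-when-nothing-matches are assumptions about the plugin's behaviour, and the addresses are constructed samples.

```python
import ipaddress

ACTIONS = {"allow", "block"}

def parse_rule(line):
    """Parse 'ACTION net SOURCE...' into (action, [networks])."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] not in ACTIONS or tokens[1] != "net":
        raise ValueError(f"unsupported rule: {line!r}")
    nets = []
    for src in tokens[2:]:
        if src == "*":  # '*' stands for all possible source IP addresses
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            nets.append(ipaddress.ip_network("::/0"))
            continue
        try:
            # Typical CIDR notation and single IP addresses are accepted
            nets.append(ipaddress.ip_network(src, strict=False))
        except ValueError:
            raise ValueError(f"SOURCE must be an IP or CIDR, got {src!r}") from None
    return tokens[0], nets

def decide(rules, client_ip, qname):
    """Return the action for a query.

    qname is accepted only to show that the net match never looks at it.
    """
    addr = ipaddress.ip_address(client_ip)
    for action, nets in rules:  # assumption: first matching rule wins
        if any(addr.version == n.version and addr in n for n in nets):
            return action
    return "allow"  # assumption: a query matching no rule is allowed

if __name__ == "__main__":
    # Constructed rule set: block one pod subnet, allow everyone else.
    rules = [parse_rule("block net 10.42.1.0/24"), parse_rule("allow net *")]
    for ip, name in [("10.42.1.7", "google.com"),
                     ("10.42.1.7", "stackoverflow.com"),
                     ("10.42.2.9", "google.com")]:
        print(ip, name, "->", decide(rules, ip, name))
    try:
        parse_rule("allow net stackoverflow.com")  # rule from the question
    except ValueError as err:
        print("rejected:", err)
```
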

0 Answers