Is it possible to allow egress traffic by hostname?

K8s network policies allow specifying CIDRs, but I'd like to specify DNS name.

On a high level I'd see it working the following way:

There's a whitelist of allowed hosts
k8s intercepts IP resolution requests and checks whether host is whitelisted
if yes, resolved IPs are temporarily added to network policy thus allowing for egress traffic

Is there any way to achieve this functionality?

Solution

PREVIOUSLY: vpc-cni does not implement k8s network policies. You need to replace vpc-cni with one of the EKS compatible CNI of your choice here that support using FQDN in the policy. Note upgrade may be required (eg. Calico Enterprise) to have this feature.

UPDATE: VPC CNI now supports Kubernetes Network Policies.

Is the kubernetes kubelet a DaemonSet?
Can you have multiple ingresses that use the same LoadBalancer?
K3s kubeconfig authenticate with token instead of client cert
K8S: How do I delete deployments with 0 replicas
Kubernetes resource versioning
How do I ssh into the VM for Minikube?
Seed MongoDB in local minikube cluster using skaffold
Why data is not persisting in my local directory? Kubernetes-Hadoop-Cluster
how to extract specific value from a configmap using oc client
Kubectl error: memcache.go:265] couldn’t get current server API group list: Get
Kustomize patching multiple path with same value
Pass environment variable into a Vue App at runtime
Unable to connect to service in same namespace in kubernetes
Django on Kubernetes Deployment: Best practices for DB Migrations
Helm convert data for nginx template
kubectl error You must be logged in to the server (Unauthorized) when accessing EKS cluster
is it possible to remote debugging java program in kubernetes using service name
Configure Microk8s
How to perform read queries on read replica in postgres?
Does NodePort route traffic only to pods that are hosted under node to which we send request? How to achieve that if it's not the case?
How do I uninstall minikube on a Mac?
At least one invalid signature was encountered
How to handle CPU contention for burstable k8s pods?
Istio TLS termination and mTLS
Helm does not upgrade rolebindings
Rabbit mq - Error while waiting for Mnesia tables
Struggling to get good performance for FastAPI on Kubernetes
How to create kubernetes secret with multiple values for one key?
Why do i need keepalived in kubernetes?
Unable to access my minikube cluster from the browser (❗ Because you are using a Docker driver on windows, the terminal needs to be open to run it.)