I’m struggling to find a proper solution and can’t imagine I’m the first at this so I might have missed something completely.
When CNI is enabled, init containers obviously don’t have network connectivity as the proxy container doesn’t exist yet.
What I don’t understand is why we don’t have an option to set outbound exclusions based on DNS names.
For example, accessing Vault via an init container is now impossible, and excludeOutboundIPRanges is not possible as the IP is not static.
The solution I see is to allow port 8200 for everything, but why is it not possible to resolve DNS at pod creation and use those addresses?
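
The port-based exclusion mentioned in the post, written out as a pod manifest. This is an added example, not part of the original post; the pod name, images, Vault hostname and the commented-out CIDR are hypothetical placeholders.

```yaml
# Added illustration; names, images and the Vault address are hypothetical.
apiVersion: v1
kind: Pod
metadata:
  name: app-with-vault-init
  annotations:
    # Outbound traffic to port 8200 skips sidecar redirection for EVERY
    # destination, so the init container can connect before the proxy
    # exists. No mesh mTLS or policy is applied to that port.
    traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
    # Narrower alternative, usable only when the address is stable
    # (constructed placeholder CIDR):
    # traffic.sidecar.istio.io/excludeOutboundIPRanges: "192.0.2.10/32"
spec:
  initContainers:
    - name: fetch-secrets
      image: registry.example.internal/vault-init:1.0
      env:
        - name: VAULT_ADDR
          value: "https://vault.example.internal:8200"
      volumeMounts:
        - name: secrets
          mountPath: /secrets
  containers:
    - name: app
      image: registry.example.internal/app:1.0
      volumeMounts:
        - name: secrets
          mountPath: /secrets
          readOnly: true
  volumes:
    - name: secrets
      emptyDir:
        medium: Memory   # keep fetched secrets off node disk
```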