This repository has been archived by the owner on Jun 20, 2024. It is now read-only.

Block pods to access certain endpoints(CNAME) #3831

Open
vrathore18 opened this issue Jul 14, 2020 · 1 comment

@vrathore18

Cloud: AWS
Kubernetes: EKS
I just want to check if Weave can solve the issue below.

I am looking to have a NetworkPolicy which will block specific pods from accessing an ElastiCache endpoint (a CNAME, something like this: qa.xxxxx.xxxx.xx.cache.amazonaws.com:6379). I checked Calico; even they don't support a way to block outgoing connections to this endpoint.

I have checked this thread but didn't know if it was implemented
#2624

@bboreham
Contributor

Not at this time.

It has complications like:

  • how fast should we re-query DNS to see if that name moved?
  • the same IP address could be used for a different DNS name: should that be blocked or allowed?
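
Added example, not part of the thread and not Weave Net code: a small model of the two complications above, where a DNS name is turned into an IP deny set by periodic re-query. The names, addresses, timings and the `simulate` helper are all constructed for illustration.

```python
# Constructed model: names, addresses and timings below are made up.
CACHE = "cache.example.internal"   # stands in for the ElastiCache CNAME
OTHER = "api.example.internal"     # unrelated service that must stay reachable

# name -> [(time_from_seconds, addresses)], in chronological order
TIMELINE = {
    CACHE: [(0, {"10.0.1.10"}), (70, {"10.0.2.20"})],   # name moves at t=70
    OTHER: [(0, {"10.0.9.9"}), (100, {"10.0.2.20"})],   # shares the IP from t=100
}

def resolve(name, now):
    """Return the addresses `name` points to at time `now`."""
    current = set()
    for start, addrs in TIMELINE[name]:
        if start <= now:
            current = addrs
    return current

def blocked_ips(now, refresh_every):
    """IP deny set built from the most recent periodic re-query of CACHE."""
    last_query = (now // refresh_every) * refresh_every
    return resolve(CACHE, last_query)

def simulate(refresh_every, horizon=180):
    """Count seconds of leaked access and of collateral blocking."""
    leaked = collateral = 0
    for now in range(horizon):
        deny = blocked_ips(now, refresh_every)
        if resolve(CACHE, now) - deny:     # cache reachable on an unlisted IP
            leaked += 1
        if resolve(OTHER, now) & deny:     # unrelated name caught by the IP rule
            collateral += 1
    return leaked, collateral

if __name__ == "__main__":
    for interval in (60, 30, 1):
        print(interval, simulate(interval))
```

Re-querying faster shrinks the window in which the moved name is reachable, but the unrelated name that shares the address stays blocked at every interval, which is the allow-or-block question an IP rule cannot answer.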
