I see the expected configuration details to accept traffic on specific ports, but is there a way to explicitly restrict all outbound traffic from my binaries w/ the exception of some pre-established allowlist?
I’m using distroless containers so I’m not positive I can easily futz with iptables or things of this nature. Looking for ideas on how to support this need!
There’s nothing built in, iptables are probably the best bet. The iptables plumbing is in the kernel so it’s possible to get the tooling you need into distroless containers.
You could also go full cloud-native and do something with BPF.
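One way to express the iptables egress allowlist suggested above, as an added example that is not part of this thread or anything Fly ships; it assumes the image (or an init stage in front of the distroless one) has a POSIX shell and an iptables binary plus CAP_NET_ADMIN, and the addresses are constructed placeholders:

```shell
#!/bin/sh
# Added example, not code from the thread or from Fly: a default-deny egress
# ruleset that only allows a pre-established list of destination host:port
# pairs. Assumes CAP_NET_ADMIN and an iptables binary in the image; the
# addresses are constructed placeholders from the TEST-NET ranges.

ALLOWLIST="${ALLOWLIST:-203.0.113.10:443 198.51.100.7:5432}"  # constructed
DNS_SERVER="${DNS_SERVER:-203.0.113.53}"                      # constructed

# Emit the iptables commands one per line without running them, so the
# ruleset can be reviewed or diffed before it is applied (IPv4 only; an
# ip6tables copy is needed if the container has an IPv6 route).
egress_rules() {
  # Flush OUTPUT and start from a known state.
  echo "iptables -F OUTPUT"
  # Loopback and replies on already-accepted connections are always fine.
  echo "iptables -A OUTPUT -o lo -j ACCEPT"
  echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # The JVM still has to resolve names, so allow DNS to one known resolver.
  echo "iptables -A OUTPUT -p udp -d $DNS_SERVER --dport 53 -j ACCEPT"
  # One rule per allowlisted destination; only NEW TCP connections match here.
  for dest in $ALLOWLIST; do
    host="${dest%:*}"
    port="${dest##*:}"
    echo "iptables -A OUTPUT -p tcp -d $host --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Rate-limited log line for anything that falls through, then the chain
  # policy drops it. The policy is set last so nothing is cut off while the
  # allow rules are still being installed.
  echo "iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix \"egress-denied: \""
  echo "iptables -P OUTPUT DROP"
}

# Apply the generated ruleset; eval keeps the quoted log prefix intact.
apply_egress_rules() {
  egress_rules | while IFS= read -r cmd; do
    eval "$cmd"
  done
}

# Number of allowlisted destinations, handy for a startup sanity check.
allowlist_size() {
  set -- $ALLOWLIST
  echo "$#"
}
```

Run `egress_rules` first to review the generated commands; `apply_egress_rules` installs them and anything not on the list shows up as an `egress-denied:` line in the kernel log.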
Interesting, this is true, I had not considered approaching it from that angle, especially with nothing specific available from the Fly platform.
I’m working w/ the JVM + Distroless, have you heard of any packages I might want to review as I research more literature around BPF in a context like that?
RE: that Red Hat article, I happened to run into that in my research; can’t say I learned anything new, but yeah, I get that it’s just “someone else’s distro”, I just prefer the design of it.