See description to know about egress ips and proxy whitelisting

Egress IPs in OpenShift Container Platform (OCP) allow you to assign a stable, predictable source IP address to outbound traffic from specific namespaces or pods. By default, pods use the node’s IP when making external requests, which changes if pods reschedule. Egress IPs solve this by pinning outbound traffic to a fixed IP regardless of which node the pod runs on.
Why they’re used:
∙ Security & compliance — external systems (databases, APIs, SaaS tools) can whitelist a known IP rather than an entire subnet
∙ Auditability — traffic from a specific app/namespace is identifiable at the network layer
∙ Multi-tenancy — different teams/namespaces can have distinct egress IPs for isolation
Whitelisting destination URLs via proxy:
In OCP, outbound traffic often routes through an HTTP/HTTPS proxy (configured via cluster-wide proxy settings or per-workload env vars like HTTP_PROXY, HTTPS_PROXY). To whitelist specific destination URLs:
1. Cluster-wide proxy config — set in proxy/cluster object; use noProxy for destinations that should bypass the proxy
2. Allowlist at the proxy level — configure your proxy server (e.g., Squid) to permit only approved FQDNs/URLs
3. NetworkPolicy + EgressNetworkPolicy — OCP’s EgressNetworkPolicy (or AdminNetworkPolicy in newer versions) lets you define allow/deny rules for outbound destinations by CIDR or DNS name at the cluster level
4. Egress IP + firewall rule — combine a fixed egress IP with a firewall/proxy rule that only permits traffic from that IP to approved destinations
The combination of Egress IPs + proxy allowlisting gives you both source identity (who is sending) and destination control (where they’re allowed to go).

Видео See description to know about egress ips and proxy whitelisting канала qa_unfiltered