domino_admin_toolkit.checks.test_egress module

pydantic model domino_admin_toolkit.checks.test_egress.EgressAnalyzer

Bases: AnalyzerBase

Validates external egress connectivity for individual URL tests

Fields:

analyze(data)

Analyze egress connectivity for a single URL test

Return type:

list[CheckResult]

name: ClassVar[str] = 'EgressAnalyzer'
domino_admin_toolkit.checks.test_egress.egress_data()

Collect egress connectivity data for external services

domino_admin_toolkit.checks.test_egress.test_egress(egress_data)

Validates external egress connectivity for Domino platform services.

This check verifies outbound network connectivity from the Domino cluster to external services. Failures are expected and acceptable in air-gapped or isolated network environments.

Failure Conditions:

  • External URLs are not accessible via HTTP/HTTPS requests

  • Response status codes don’t match expected values (typically 200)

  • Network timeouts or connection errors occur

  • DNS resolution failures for external domains

Troubleshooting Steps:

  1. Test network connectivity using kubectl exec into a cluster pod and ping external domains

  2. Verify DNS resolution from within the cluster using nslookup or dig commands

  3. Check firewall rules and network policies via cloud provider console or network administration tools

  4. Review proxy configuration if corporate proxy is required for external access

  5. Validate SSL/TLS certificate trust store configuration for HTTPS endpoints

Resolution Steps:

  1. For intended internet-connected deployments: - Configure firewall rules to allow outbound traffic on ports 80/443 via cloud provider or network team - Update DNS configuration if domain resolution fails - Configure corporate proxy settings in cluster network configuration if required - Update certificate authority bundle if SSL certificate validation fails

  2. For air-gapped deployments: - This test failure is expected behavior and can be safely ignored - Configure private mirrors or repositories for required external dependencies - Ensure internal service alternatives are properly configured and accessible

Required Permissions:

  • Network policy configuration access (if connectivity issues need resolution)

  • Cloud provider networking configuration access

  • Corporate firewall/proxy configuration access (if applicable)