Skip to content

Egress

Egress modes are denylist and allowlist. Host values are hostnames or wildcard host patterns, not full URLs.

Terminal window
runta egress list
Terminal window
runta egress describe <runtime_name>

Replace the runtime egress policy.

Terminal window
runta egress set <runtime_name> --mode allowlist [--allow <host>...]
runta egress set <runtime_name> --mode denylist [--deny <host>...]
runta egress set -f <file>
OptionDescription
--mode <mode>denylist or allowlist. Required unless -f is used.
--allow <host>...Allowed hosts. Only valid with --mode allowlist.
--deny <host>...Denied hosts. Only valid with --mode denylist.
-f, --file <file>YAML policy file. Omit <runtime_name> when using a file.

denylist with no denied hosts is the default open policy. Use allowlist when a runtime should reach only explicitly named hosts.

YAML files use a top-level policies list:

policies:
- runtime: demo
mode: allowlist
allow:
- pypi.org
- "*.pythonhosted.org"
- runtime: crawler
mode: denylist
deny:
- example.com