Open chasewilson opened 1 month ago
Hi @chasewilson, is it related to #3797 by any chance?
@EppO I don't think so. I think it is FQDN filtering based on the new observability tool https://retina.sh . It was mentioned on the roadmap for retina on the Azure Day at Kubecon Europe: https://youtu.be/hb__fHnx11s?feature=shared&t=2013
But I would love to hear from @chasewilson if this assumption is correct.
Retina focuses on observability, while FQDN filtering goes beyond this scope. One might expect FQDN filtering policies to be enforced at the CNI level, but this is not currently supported by the NetworkPolicy resource.
Although Cilium has incorporated this feature via their CiliumNetworkPolicy resource, Azure CNI powered by Cilium does not support it yet.
It's unclear whether creating an additional CRD for this feature at the Azure CNI level is more advantageous than using Cilium directly. While it would cover all non-Cilium clusters, advanced users tend to select their CNI based on specific needs and requirements.
Right, I just saw "FQDN filtering" on the retina roadmap and think it has something to do with ACNS FQDN policies. I hope @chasewilson can shed some light on this.
ACNS Standard tier supports FQDN Filtering
PP August 2024