Azure / AKS

Azure Kubernetes Service

[ACNS] FQDN Filtering Policies #4205

Open chasewilson opened 1 month ago

chasewilson commented 1 month ago

ACNS Standard tier supports FQDN Filtering

PP August 2024

EppO commented 3 weeks ago

Hi @chasewilson, is it related to #3797 by any chance?

TheKangaroo commented 2 weeks ago

@EppO I don't think so. I think it is FQDN filtering based on the new observability tool https://retina.sh . It was mentioned on the roadmap for Retina on the Azure Day at KubeCon Europe: https://youtu.be/hb__fHnx11s?feature=shared&t=2013

But I would love to hear from @chasewilson if this assumption is correct.

EppO commented 2 weeks ago

Retina focuses on observability, while FQDN filtering goes beyond this scope. One might expect FQDN filtering policies to be enforced at the CNI level, but this is not currently supported by the NetworkPolicy resource. Although Cilium has incorporated this feature via their CiliumNetworkPolicy resource, Azure CNI powered by Cilium does not support it yet. It's unclear whether creating an additional CRD for this feature at the Azure CNI level is more advantageous than using Cilium directly. While it would cover all non-Cilium clusters, advanced users tend to select their CNI based on specific needs and requirements.
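For reference, this is what the upstream Cilium `CiliumNetworkPolicy` FQDN egress rule mentioned above looks like; it is an added illustration, not code from this issue or from AKS, and the comment above states that Azure CNI powered by Cilium did not support it at the time. The pod labels, namespace and domain names are assumed placeholders.

```yaml
# Added example (not from the issue): upstream Cilium FQDN-based egress policy.
# Assumes a client workload labelled app=client in the "default" namespace and
# placeholder domains under example.com.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-egress-example-com
  namespace: default
spec:
  endpointSelector:
    matchLabels:
      app: client
  egress:
  # Rule 1: allow DNS to kube-dns and let Cilium's DNS proxy observe the
  # answers. Without this rule the toFQDNs rule below never learns any IPs,
  # so the policy would silently block all egress.
  - toEndpoints:
    - matchLabels:
        io.kubernetes.pod.namespace: kube-system
        k8s-app: kube-dns
    toPorts:
    - ports:
      - port: "53"
        protocol: ANY
      rules:
        dns:
        - matchPattern: "*"
  # Rule 2: allow HTTPS only to the named FQDNs; IPs are populated from the
  # DNS responses seen by the proxy, so clients that bypass cluster DNS
  # (hard-coded IPs, DoH) are still denied.
  - toFQDNs:
    - matchName: "api.example.com"
    - matchPattern: "*.cdn.example.com"
    toPorts:
    - ports:
      - port: "443"
        protocol: TCP
```

Because Cilium only permits IPs it observed in DNS answers, the policy denies connections that never went through the DNS proxy; `cilium monitor --type drop` or Hubble flow logs are the usual place to confirm which rule dropped a flow.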

TheKangaroo commented 2 weeks ago

Right, I just saw "FQDN filtering" on the Retina roadmap and I think it has something to do with ACNS FQDN policies. I hope @chasewilson can shed some light on this.