aws / aws-network-policy-agent

Apache License 2.0

Support for AdminNetworkPolicy (ANP) and BaselineAdminNetworkPolicy (BANP) #237

Closed davivcgarcia closed 1 month ago

davivcgarcia commented 3 months ago

What would you like to be added:

SIG-Networking is working on new user stories, focused on new CRDs:

It would be nice to understand if these capabilities are in the roadmap of AWSVPC CNI and Network Policy Agent.

More details at:

Why is this needed:

Currently the NetworkPolicy APIs require a combination of RBAC + Admission Controllers (e.g. OPA-Gatekeeper, Kyverno) to enforce cluster-level policies. Having these APIs supported natively in AWS-VPC CNI would reduce the complexity of the overall cluster and the dependency on third-party components.

sjastis commented 3 months ago

Thanks for sharing the context. We are evaluating this support for Admin policies in response to this request - https://github.com/aws/containers-roadmap/issues/2243

jayanthvn commented 1 month ago

Closing this in favor of the existing container roadmap tracking issue.