Closed afritzler closed 5 months ago
some questions from top of my head:
LabelSelector
section in a NetworkPolicy
?LabelSelector
section? NetworkPolicy
API? It seems cumbersome to have logic to union the list of NetworkInterfaces
chosen by LabelSelector
and NetworkPolicyTargets
Closing in favor of https://github.com/ironcore-dev/ironcore-net/issues/275
Objective
To design and introduce a new type within our network configuration API named
NetworkPolicyTargets
. This type will be utilized to specifically defineNetworkInterfaces
as the targets of aNetworkPolicy
, aiming to enhance granularity and control over network traffic rules.Background
While our existing
NetworkPolicy
implementation offers the capability to set broad network traffic rules, there's a need for more granular control. Specifically, there's a requirement to precisely targetNetworkInterfaces
with these policies. The introduction of theNetworkPolicyTargets
type aims to address this need, enabling users to specifyNetworkInterfaces
directly as policy targets.Requirements
NetworkInterfaces
: TheNetworkPolicyTargets
type should allow for the explicit specification ofNetworkInterfaces
as targets of a network policy.NetworkPolicyTargets
is fully compatible with the currentNetworkPolicy
structure, enhancing functionality without disrupting existing definitions.NetworkPolicyTargets
should prioritize ease of use, allowing for intuitive specification of network interface targets in network policies.Proposed API Changes
Introduction of
NetworkPolicyTargets
Type:NetworkInterfaces
as targets. Each target can be defined by attributes such asUID
andName
.Specification Example:
NetworkPolicyTargets
type within network policies, emphasizing the targeting ofNetworkInterfaces
.Next Steps