A starter repo to donate to Kubernetes-sigs so the community can own and iterate on stories over time, with issue tracking, as we close out the policy++ wg
cmluciano 1 hour ago Author Collaborator
I do not understand what the desired outcome is.
If CIDR rules are present within the cluster and are in use, then I'm not sure what the desired change in this story would be.
How do we develop a trust with newly added nodes or CIDRs if an outside controller is just adding whatever new information it sees from the API? This feels like a security hole if we're already using CIDRs within our cluster.
rikatz 1 hour ago Collaborator
This is related to https://docs.google.com/document/d/1AtWQy2fNa4qXRag9cCp5_HsefD7bxKe3ea2RPn8jnSs/edit#heading=h.ajvcztp6cza and my understanding here is creating maybe an object that groups a block of CIDR and then referencing those CIDR in the Network Policy (@jayunit100 is this the idea?).
I've been thinking about this approach; I think it makes more sense in the 'Ports' object, where I want to create a PortSet containing ports 80, 443, 8443, call it HTTPPorts, and use this instead of a multiport in a network policy.