Closed aojea closed 3 weeks ago
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: aojea
/assign @danwinship
Dan, please take a look
This looks like it will work (though you lose all the optimization once you add even a single ANP)...
Cluster Wide Policies are hard to implement in the dataplane
Another possibility would be to just add "local detector" options like kube-proxy (--cluster-cidr, use nodepodCIDRs, etc)
Since the controller already has the pod information, this looks simpler; kube-proxy does not watch pods and needs to depend on those heuristics
It would still be better for it to be a command-line option, even if it's required. Required environment variables are terrible.
I just want to fix the flake, let me open an issue to not forget and do the change
optimize the datapath, not having to send all packets to user space, only the ones that are subject to network policies
Fixes: https://github.com/kubernetes-sigs/kube-network-policies/issues/10, #31, #12