k8s-triage-robot
commented
5 months ago The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue as fresh with
/remove-lifecycle stale - Close this issue with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
astoycos
rahulkjoshi
aojea
Is your enhancement request related to a problem? Please describe. This is an extension to https://github.com/kubernetes-sigs/network-policy-api/issues/126 which deals with the egress (northbound) use-case. Specifically, this enhancement deals with specifying Fully-Qualified Domain Names (FQDN) to identify the external peers in a connection.
Describe the solution you'd like User stories will be fleshed out in the NPEP, but a rough sketch can be found here
Describe alternatives you've considered The traditional alternative is to use IP selectors to specify external peers. This can be difficult to maintain and audit. It is also not user-friendly in situations where the peer is not controlled by the policy owner and the peers IP may change over time.
Additional context This is a pretty common feature already implemented by many CNIs. There has already been some discussion previously about extending Kubernetes NetworkPolicy but that was shelved due to the complexity of extending the existing v1 NetworkPolicy API (doc)