Open rahulkjoshi opened 11 months ago
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
/remove-lifecycle rotten
/cc @thockin
Is your enhancement request related to a problem? Please describe. This is an extension to https://github.com/kubernetes-sigs/network-policy-api/issues/126 which deals with the egress (northbound) use-case. Specifically, this enhancement deals with specifying Fully-Qualified Domain Names (FQDN) to identify the external peers in a connection.
Describe the solution you'd like User stories will be fleshed out in the NPEP, but a rough sketch can be found here
Describe alternatives you've considered The traditional alternative is to use IP selectors to specify external peers. This can be difficult to maintain and audit. It is also not user-friendly in situations where the peer is not controlled by the policy owner and the peers IP may change over time.
Additional context This is a pretty common feature already implemented by many CNIs. There has already been some discussion previously about extending Kubernetes NetworkPolicy but that was shelved due to the complexity of extending the existing v1 NetworkPolicy API (doc)