nais / fqdn-policy

FQDNNetworkPolicies let you create Kubernetes Network Policies based on Fully Qualified Domain Names (FQDNs) in addition to the standard functionality, which only allows IP address ranges (CIDR ranges).
Apache License 2.0

Host resolving to multiple A records is constantly reordered #83

Open tenstad opened 2 hours ago

tenstad commented 2 hours ago

https://github.com/nais/fqdn-policy/blob/fcbf9432a7c800d5113ddde28f212be438f92177/controllers/fqdnnetworkpolicy_controller.go#L453-L475

The list should maybe be sorted, to avoid updating the resource on every reconcile?

egress:
    - ports:
        - protocol: TCP
          port: 443
      to:
        - ipBlock:
            cidr: 8.8.8.16/32
        - ipBlock:
            cidr: 8.8.8.15/32
        - ipBlock:
            cidr: 8.8.8.11/32
        - ipBlock:
            cidr: 8.8.8.10/32
        - ipBlock:
            cidr: 8.8.8.9/32
        - ipBlock:
            cidr: 8.8.8.13/32
        - ipBlock:
            cidr: 8.8.8.14/32
        - ipBlock:
            cidr: 8.8.8.17/32
        - ipBlock:
            cidr: 8.8.8.8/32
tenstad commented 2 hours ago

Would a simple https://pkg.go.dev/sort#Slice work?

sort.Slice(e.Answer, func(i, j int) bool { return e.Answer[i].String() < e.Answer[j].String() })

or after the frule.To loop:

sort.Slice(peers, func(i, j int) bool { return peers[i].IPBlock.CIDR < peers[j].IPBlock.CIDR })
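The ordering problem above, as an added, stand-alone example (not code from the fqdn-policy project and not the commenter's proposal): it builds single-host ipBlock peers from a DNS answer, deduplicates them, and sorts them numerically with net/netip, so the same set of A/AAAA records produces a byte-identical peer list no matter how the resolver rotates the answers. `IPBlock` and `NetworkPolicyPeer` are minimal stand-ins for the k8s.io/api networking/v1 types so the example compiles without the Kubernetes module; the sample addresses are constructed from the ones in the issue, and IPv6 handling (/128) is an assumption, since the issue only shows IPv4.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// IPBlock and NetworkPolicyPeer are minimal stand-ins for the k8s.io/api
// networking/v1 types (assumption: only the CIDR field matters here).
type IPBlock struct {
	CIDR string
}

type NetworkPolicyPeer struct {
	IPBlock *IPBlock
}

// peersFromAnswers turns the IPs of a DNS answer into single-host ipBlock peers.
// Answers are deduplicated and sorted numerically, so the same set of records
// yields the same slice regardless of the order the resolver returned them in.
func peersFromAnswers(answers []string) ([]NetworkPolicyPeer, error) {
	seen := make(map[netip.Addr]struct{}, len(answers))
	addrs := make([]netip.Addr, 0, len(answers))
	for _, a := range answers {
		addr, err := netip.ParseAddr(a)
		if err != nil {
			return nil, fmt.Errorf("bad address %q in DNS answer: %w", a, err)
		}
		addr = addr.Unmap() // treat ::ffff:1.2.3.4 the same as 1.2.3.4
		if _, dup := seen[addr]; dup {
			continue
		}
		seen[addr] = struct{}{}
		addrs = append(addrs, addr)
	}
	// netip.Addr.Less orders by address length first (IPv4 before IPv6), then
	// by bytes, which avoids the "8.8.8.10 < 8.8.8.9" quirk of comparing strings.
	sort.Slice(addrs, func(i, j int) bool { return addrs[i].Less(addrs[j]) })

	peers := make([]NetworkPolicyPeer, 0, len(addrs))
	for _, addr := range addrs {
		// One host per block: /32 for IPv4, /128 for IPv6.
		cidr := netip.PrefixFrom(addr, addr.BitLen()).String()
		peers = append(peers, NetworkPolicyPeer{IPBlock: &IPBlock{CIDR: cidr}})
	}
	return peers, nil
}

// cidrs flattens peers to their CIDR strings, which is what a reconciler would
// compare against the existing NetworkPolicy spec before deciding to update it.
func cidrs(peers []NetworkPolicyPeer) []string {
	out := make([]string, 0, len(peers))
	for _, p := range peers {
		out = append(out, p.IPBlock.CIDR)
	}
	return out
}

// peersEqual reports whether two peer lists would render to the same spec.
func peersEqual(a, b []NetworkPolicyPeer) bool {
	if len(a) != len(b) {
		return false
	}
	for i := range a {
		if a[i].IPBlock.CIDR != b[i].IPBlock.CIDR {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample: the A records from the issue, returned in two
	// different orders by two successive lookups.
	first := []string{"8.8.8.16", "8.8.8.15", "8.8.8.11", "8.8.8.10", "8.8.8.9", "8.8.8.13", "8.8.8.14", "8.8.8.17", "8.8.8.8"}
	second := []string{"8.8.8.8", "8.8.8.9", "8.8.8.17", "8.8.8.10", "8.8.8.14", "8.8.8.11", "8.8.8.13", "8.8.8.15", "8.8.8.16"}

	p1, err := peersFromAnswers(first)
	if err != nil {
		panic(err)
	}
	p2, err := peersFromAnswers(second)
	if err != nil {
		panic(err)
	}
	fmt.Println(cidrs(p1))
	fmt.Println("identical across reconciles:", peersEqual(p1, p2))
}
```

Sorting the `peers` slice by the CIDR string, as suggested above, is equally deterministic; the numeric sort only makes the resulting list read in address order. Whichever key is used, the reconciler can then compare the sorted list against the live object and skip the update when nothing changed, which removes the per-reconcile churn.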