-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ENHANCEMENT] Add FQDN Selectors for Egress traffic #133
Comments
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
/remove-lifecycle rotten |
Is your enhancement request related to a problem? Please describe.
This is an extension to #126 which deals with the egress (northbound) use-case. Specifically, this enhancement deals with specifying Fully-Qualified Domain Names (FQDN) to identify the external peers in a connection.
Describe the solution you'd like
User stories will be fleshed out in the NPEP, but a rough sketch can be found here
Describe alternatives you've considered
The traditional alternative is to use IP selectors to specify external peers. This can be difficult to maintain and audit. It is also not user-friendly in situations where the peer is not controlled by the policy owner and the peers IP may change over time.
Additional context
This is a pretty common feature already implemented by many CNIs. There has already been some discussion previously about extending Kubernetes NetworkPolicy but that was shelved due to the complexity of extending the existing v1 NetworkPolicy API (doc)
The text was updated successfully, but these errors were encountered: