There were a lot of things people asked for when we started the network policy group a few years ago. Nowadays, there are a lot of these things. Highlighted in yellow are the policies which we now have, or will have soon, in K8s thanks to the work of this badass group!
Action policies: Policies that allow you to define WHAT you do when a policy is encountered (Allow, Block, or Log). AdminNetworkPolicies (stoyocos yangding)
Prioritized Policies: Make it so that a deny can turn into an allow depending on how high the policy's priority is. AdminNetworkPolicies (stoyocos yangding)
Overrides: Allowing overrides (similar to prioritized policies). AdminNetworkPolicies (stoyocos yangding)
Secure gateway policies: So that if X wants to access Y, it does it through a special wormhole.
Naming things: So that CIDRBlocks or collections of IPs could be declaratively referenced.
Namespace By Name: So that you can block things based on a namespace name instead of label juggling. apiserver-default-labels (jay)
Default policies: For k8s basics like kubernetes.default.svc.local pod endpoints.
Port Ranges: So you can define a whole range of ports instead of just one. port ranges (ricardo)
Allow DNS no matter what: i.e. cluster scoping certain policies that are critical/global.
So, this is everything folks asked for when we started the NetworkPolicy working group....
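An added example, not from the original post or the working group: a single NetworkPolicy that uses two of the items above, selecting a namespace by name through the `kubernetes.io/metadata.name` label that the API server sets on every namespace, and a port range through `endPort`. The namespace names `team-a` and `monitoring`, the `app: api` label, the port numbers, and the assumption that cluster DNS runs in `kube-system` are all hypothetical.

```yaml
# Added example; all names, labels and port numbers are hypothetical.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-egress-to-monitoring
  namespace: team-a
spec:
  # Applies to the api pods in team-a only.
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Egress
  egress:
    # Namespace By Name: the API server labels every namespace with
    # kubernetes.io/metadata.name=<namespace name>, so no hand-maintained
    # label is needed to target the "monitoring" namespace.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: monitoring
      ports:
        # Port Ranges: port..endPort is inclusive (9090 through 9100).
        # port must be numeric when endPort is set, and the range is only
        # enforced if the cluster's network plugin supports endPort.
        - protocol: TCP
          port: 9090
          endPort: 9100
    # Once any egress policy selects these pods, all other egress is
    # dropped, DNS included. A namespaced policy therefore has to allow
    # DNS itself, in every namespace, which is what the "Allow DNS no
    # matter what" item wants to lift to cluster scope.
    # Assumption: cluster DNS pods run in kube-system.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```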