network-policy-api [ENHANCEMENT] Add FQDN Selectors for Egress traffic

Is your enhancement request related to a problem? Please describe. This is an extension to https://github.com/kubernetes-sigs/network-policy-api/issues/126 which deals with the egress (northbound) use-case. Specifically, this enhancement deals with specifying Fully-Qualified Domain Names (FQDN) to identify the external peers in a connection.

Describe the solution you'd like User stories will be fleshed out in the NPEP, but a rough sketch can be found here

Describe alternatives you've considered The traditional alternative is to use IP selectors to specify external peers. This can be difficult to maintain and audit. It is also not user-friendly in situations where the peer is not controlled by the policy owner and the peers IP may change over time.

Additional context This is a pretty common feature already implemented by many CNIs. There has already been some discussion previously about extending Kubernetes NetworkPolicy but that was shelved due to the complexity of extending the existing v1 NetworkPolicy API (doc)

Aug 07 '23 19:08 rahulkjoshi

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

Jan 26 '24 00:01 k8s-triage-robot

/remove-lifecycle stale

Jan 30 '24 03:01 astoycos

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

Apr 29 '24 03:04 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle rotten
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

May 29 '24 04:05 k8s-triage-robot

/remove-lifecycle rotten

May 29 '24 05:05 rahulkjoshi

/cc @thockin

Jun 27 '24 05:06 aojea

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

Sep 25 '24 05:09 k8s-triage-robot

With the API merged, I think we can close this issue. Thanks to all who helped us deliver an awesome new selector.

Sep 25 '24 20:09 rahulkjoshi