Support for AdminNetworkPolicy (ANP) and BaselineAdminNetworkPolicy (BANP)
davivcgarcia opened this issue
What would you like to be added:
SIG-Networking is working on new user stories, focused on new CRDs:
- AdminNetworkPolicy (ANP)
- BaselineAdminNetworkPolicy (BANP)
It would be nice to understand whether these capabilities are on the roadmap of AWSVPC CNI and Network Policy Agent.
More details at:
- https://network-policy-api.sigs.k8s.io/user-stories/
- https://www.youtube.com/watch?v=00nVssi2oPA
- https://www.youtube.com/watch?v=riSv0g-TNtI
Why is this needed:
Currently, the NetworkPolicy APIs require a combination of RBAC + Admission Controllers (e.g., OPA-Gatekeeper, Kyverno) to enforce cluster-level policies. Having these APIs supported natively in AWS-VPC CNI would reduce the complexity of the overall cluster and the dependency on third-party components.
Thanks for sharing the context. We are evaluating this support for Admin policies in response to this request - aws/containers-roadmap#2243
Closing this in favor of the existing container roadmap tracking issue.