You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
It's not uncommon for k8s services to expose multiple ports using the same service resource, e.g. metrics and api ports.
When generating NetworkPolicys using Otterize, one can only allow access to all ports at once, which breaks the principle of least privilege.
Describe the solution you'd like
The intents-operator should allow specifying the targeted port by name or number in ClientIntents or ProtectedServices.
Describe alternatives you've considered
Workarounds for this issue include splitting the service into services with one port each, which may not be convenient with 3rd party software, or manually deploying NetworkPolicys.
Is your feature request related to a problem? Please describe.
It's not uncommon for k8s services to expose multiple ports using the same service resource, e.g.
metricsandapiports.When generating
NetworkPolicys using Otterize, one can only allow access to all ports at once, which breaks the principle of least privilege.Describe the solution you'd like
The intents-operator should allow specifying the targeted port by name or number in
ClientIntents orProtectedServices.Describe alternatives you've considered
Workarounds for this issue include splitting the service into services with one port each, which may not be convenient with 3rd party software, or manually deploying
NetworkPolicys.Additional context
This request was first made on Slack: https://otterizecommunity.slack.com/archives/C046SG6PRJM/p1726231851326429
The text was updated successfully, but these errors were encountered: