Getting Started!

Welcome to the FQDN-Operator, an innovative Kubernetes operator designed to enhance network policy management by utilizing Fully Qualified Domain Names (FQDNs) in conjunction with Time-To-Live (TTL) settings. This operator is a game-changer for managing network policies that involve domain names, where IP addresses are subject to change. The FQDN-Operator not only translates FQDNs into IP addresses for NetworkPolicies but also intelligently uses TTL to determine when to recheck and update these resolutions.

Overview

The FQDN-Operator introduces a Custom Resource Definition (CRD) named FqdnNetworkPolicy. This CRD enables users to define network policies using domain names instead of static IP addresses. What sets this operator apart is its ability to resolve these domain names to their corresponding IP addresses and to use TTL values to know when to recheck and update these addresses. This dynamic approach ensures that network policies remain current and accurate, reflecting any changes in the IP addresses associated with the FQDNs.
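
The resolve-then-recheck cycle described above, as an added sketch that is not the operator's own code: it turns a set of DNS answers into the single-host CIDRs a NetworkPolicy `ipBlock` takes and derives the next re-resolution delay from the lowest TTL. `Answer`, `Plan`, and the 5-second `minRecheck` floor are hypothetical, and the addresses are constructed samples from documentation ranges.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
	"time"
)

// Answer is one DNS answer: an address and its TTL in seconds (hypothetical type).
type Answer struct {
	IP  string
	TTL uint32
}

// minRecheck is an assumed floor so a very low TTL cannot hammer the resolver.
const minRecheck = 5 * time.Second

// Plan returns sorted, de-duplicated host CIDRs and the delay before re-resolving.
func Plan(answers []Answer) ([]string, time.Duration, error) {
	if len(answers) == 0 {
		return nil, minRecheck, fmt.Errorf("no answers: keep existing rules, retry")
	}
	seen, cidrs, lowest := map[string]bool{}, []string{}, answers[0].TTL
	for _, a := range answers {
		addr, err := netip.ParseAddr(a.IP)
		if err != nil {
			return nil, minRecheck, fmt.Errorf("bad address %q: %w", a.IP, err)
		}
		c := netip.PrefixFrom(addr, addr.BitLen()).String() // /32 or /128
		if !seen[c] {
			seen[c] = true
			cidrs = append(cidrs, c)
		}
		if a.TTL < lowest {
			lowest = a.TTL // the shortest-lived record drives the recheck
		}
	}
	sort.Strings(cidrs) // stable order, so an unchanged answer set compares equal
	wait := time.Duration(lowest) * time.Second
	if wait < minRecheck {
		wait = minRecheck
	}
	return cidrs, wait, nil
}

func main() {
	cidrs, wait, err := Plan([]Answer{{"203.0.113.11", 60}, {"2001:db8::1", 120}})
	fmt.Println(cidrs, wait, err)
}
```

Between rechecks the generated rules reflect the last answer set, so the lowest TTL bounds how long a retired address can stay allowed.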

Key Features

  • FQDN-Based Network Policies: Define network policies using domain names for clarity and ease of management.
  • Automatic IP Resolution with TTL: The operator resolves FQDNs to IPs and intelligently rechecks these resolutions based on TTL values, ensuring up-to-date network policies.
  • Dynamic and Timely Updates: Automatically updates NetworkPolicies in response to changes in the IP addresses associated with the FQDNs, based on the TTL.
  • Reduced Management Overhead: Significantly decreases the need for manual updates and monitoring of IP changes in network policies.

Use Cases

  • Dynamic DNS Environments: Ideal for environments with services that have dynamic or frequently changing IP addresses.
  • Enhanced Security Posture: Maintains accurate and timely network policies, crucial for security and compliance in dynamic network environments.
  • Operational Efficiency: Greatly simplifies network policy configuration and management, allowing teams to focus more on development and less on network administration.

Prerequisites

  • Kubernetes Version: Minimum 1.15
  • Tools and CLI
    • kubectl/oc: Users must have kubectl (for Kubernetes) or oc (for OpenShift) installed and configured to interact with the cluster. These tools are essential for deploying and managing the operator and its resources.
    • Kustomize: Ensure Kustomize is installed. It is used for customizing the deployment of the operator in the cluster.
  • DNS Configuration: A functional DNS service is required, either within the cluster (like kube-dns) or externally accessible. This is crucial for the operator to resolve FQDNs to IP addresses.
  • Resource Requirements: The fqdn-operator has minimal resource requirements, making it suitable for a wide range of cluster configurations. No specific CPU, memory, or storage requirements are necessary.

Let's Go

Time to get rid of your old IP-based network policies!