Host resolving to multiple A records is constantly reordered

[tenstad]

fqdn-policy/controllers/fqdnnetworkpolicy_controller.go

Lines 453 to 475 in fcbf943

	e, _, err := c.Exchange(m, "["+ns[0]+"]:53")
	if err != nil {
	log.Error(err, "unable to resolve "+f)
	continue
	}
	if len(e.Answer) == 0 {
	log.V(1).Info("could not find A record for " + f)
	}
	for _, ans := range e.Answer {
	if t, ok := ans.(*dns.A); ok {
	// Adding a peer per answer
	peers = append(peers, networking.NetworkPolicyPeer{
	IPBlock: &networking.IPBlock{CIDR: t.A.String() + "/32"}})
	// We want the next sync for the FQDNNetworkPolicy to happen
	// just after the TTL of the DNS record has expired.
	// Because a single FQDNNetworkPolicy may have different DNS
	// records with different TTLs, we pick the lowest one
	// and resynchronise after that.
	if ans.Header().Ttl < nextSync {
	nextSync = ans.Header().Ttl
	}
	}
	}

The list should maybe be sorted, to avoid updating the resource on every reconcile?

egress:
    - ports:
        - protocol: TCP
          port: 443
      to:
        - ipBlock:
            cidr: 8.8.8.16/32
        - ipBlock:
            cidr: 8.8.8.15/32
        - ipBlock:
            cidr: 8.8.8.11/32
        - ipBlock:
            cidr: 8.8.8.10/32
        - ipBlock:
            cidr: 8.8.8.9/32
        - ipBlock:
            cidr: 8.8.8.13/32
        - ipBlock:
            cidr: 8.8.8.14/32
        - ipBlock:
            cidr: 8.8.8.17/32
        - ipBlock:
            cidr: 8.8.8.8/32

[tenstad]

Would a simple https://pkg.go.dev/sort#Slice work?

sort.Slice(e.Answer, func(i, j int) bool { return e.Answer[i].String() < e.Answer[j].String() })

or after the frule.To loop:

sort.Slice(peers, func(i, j int) bool { return peers[i].IPBlock.CIDR < peers[j].IPBlock.CIDR })