Rather than complicating the relation semantics further with network CIDR discovery, can't we just use a list of /32s in the allowlist configuration to limit the cluster members to the actual IPs of the units in the deployment? This avoids the need to resolve the network CIDRs and would seem to resolve this problem by making the allowlist super specific.
I appreciate that if a new unit is then added, this will always require use of the action.
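A sketch of the host-only allowlist proposed above, as an added example that is not part of the original comment or the charm's code. The function names, the comma-separated allowlist format and the sample addresses are assumptions; it also shows the trade-off noted in the comment, that a newly added unit is not covered until the allowlist is regenerated.

```python
import ipaddress


def host_allowlist(unit_addresses):
    """Build host-only networks (/32 for IPv4, /128 for IPv6) from unit IPs."""
    nets = set()
    for addr in unit_addresses:
        # ip_address() rejects hostnames and CIDRs, so only literal IPs get through.
        ip = ipaddress.ip_address(addr)
        nets.add(ipaddress.ip_network(f"{ip}/{ip.max_prefixlen}"))
    # Stable ordering so a re-render only changes when membership changes.
    return sorted(nets, key=lambda n: (n.version, int(n.network_address)))


def render(nets):
    """Render as a comma-separated string (assumed allowlist format)."""
    return ",".join(str(n) for n in nets)


def uncovered_units(allowlist, unit_addresses):
    """Return unit IPs that no allowlist entry covers."""
    nets = [
        ipaddress.ip_network(entry.strip(), strict=True)
        for entry in allowlist.split(",")
        if entry.strip()
    ]
    missing = []
    for addr in unit_addresses:
        ip = ipaddress.ip_address(addr)
        if not any(ip.version == n.version and ip in n for n in nets):
            missing.append(addr)
    return missing


if __name__ == "__main__":
    units = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]  # constructed sample unit IPs
    allowlist = render(host_allowlist(units))
    print("allowlist:", allowlist)
    # Scale-out: the new unit is rejected until the allowlist is rebuilt.
    print("needs update for:", uncovered_units(allowlist, units + ["10.0.0.14"]))
    # A subnet-wide entry admits the new unit, and every other host in the /24.
    print("with /24:", uncovered_units("10.0.0.0/24", units + ["10.0.0.14"]))
```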