New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
clean-up: remove check for permissive CCNPs #27690
clean-up: remove check for permissive CCNPs #27690
Conversation
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks!
This check was designed to inform users of CCNP that the behaviour changed around the timeframe of v1.9. However, the actual check is complaining about policy that is valid. At this point there is no need to warn users during preflight checks that they are using empty endpoint selectors in CCNPs, because this can validly be used to select all Pods within the cluster. Remove the check. Signed-off-by: sh2 <shawnhxh@outlook.com> Signed-off-by: Joe Stringer <joe@cilium.io>
68f9500
to
ca1a642
Compare
I rebased & squashed the commits together and provided more context in the commit message. Running CI now. If that passes, this PR should be good to merge. |
I think that this could benefit users upgrading to v1.14, since it's currently causing preflight checks to fail for valid policy statements. I expect low risk for backporting. Marked for backport to v1.14. |
/test |
Please ensure your pull request adheres to the following guidelines:
description and a
Fixes: #XXX
line if the commit addresses a particularGitHub issue.
Fixes: <commit-id>
tag, thenplease add the commit author[s] as reviewer[s] to this issue.
This check was designed to inform users of CCNP that the behaviour
changed around the timeframe of v1.9. However, the actual check is
complaining about policy that is valid. At this point there is no need
to warn users during preflight checks that they are using empty endpoint
selectors in CCNPs, because this can validly be used to select all Pods
within the cluster. Remove the check.
Fixes: #27689