New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle audit mode in cilium endpoint list and kubectl get cep #11011
Conversation
Please set the appropriate release note label. |
7289410
to
c8367ce
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you clarify the PR description a little bit? You're saying the if audit
mode is set the cilium endpoint list
will show Ingress/Egress policy as "Disabled"?
test-me-please |
@aanm I have updated description with examples of both commands to make it more clear. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CLI LGTM.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From a usability PoV it is not clear to me what "Audit" means, it's not clear if a policy is being enforced or not. I would prefer to see "Disabled (audit)"
c8367ce
to
14579a5
Compare
Updated state label from |
test-me-please |
CI (Ginkgo) failure seems related to the latest change, GKE looks more like a flake. PTAL. |
This patch improve enforcement status reporting for 'cilium endpoint list' and 'kubectl get cep'. Former will have a new audit status and later will show Enforcing=false when policy audit mode is enabled. Signed-off-by: Arthur Evstifeev <aevstifeev@gitlab.com>
14579a5
to
983b4bd
Compare
@joestringer Fixed regex escaping in the Gingko spec |
test-me-please |
PR #11011 added only the generated APIs, but not the changes to openapi.yaml and embedded_spec.go. Otherwise the respective consts are removed when regenerating the API. Add them to api/v1/openapi.yaml now. Fixes: 514a38b ("Handle audit mode in cilium endpoint list and kubectl get cep") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
PR #11011 added only the generated APIs, but not the changes to openapi.yaml and embedded_spec.go. Otherwise the respective consts are removed when regenerating the API. Add them to api/v1/openapi.yaml now. Fixes: 514a38b ("Handle audit mode in cilium endpoint list and kubectl get cep") Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
[ upstream commit 0a173dc ] PR #11011 added only the generated APIs, but not the changes to openapi.yaml and embedded_spec.go. Otherwise the respective consts are removed when regenerating the API. Add them to api/v1/openapi.yaml now. Fixes: 514a38b ("Handle audit mode in cilium endpoint list and kubectl get cep") Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Chris Tarazi <chris@isovalent.com>
[ upstream commit 0a173dc ] PR #11011 added only the generated APIs, but not the changes to openapi.yaml and embedded_spec.go. Otherwise the respective consts are removed when regenerating the API. Add them to api/v1/openapi.yaml now. Fixes: 514a38b ("Handle audit mode in cilium endpoint list and kubectl get cep") Signed-off-by: Tobias Klauser <tklauser@distanz.ch> Signed-off-by: Chris Tarazi <chris@isovalent.com>
This patch improve enforcement status reporting for
'cilium endpoint list' and 'kubectl get cep'. Former will have a new
audit status and later will show Enforcing=false when policy audit
mode is enabled.
cilium endpoint list
:kubectl get cep
: