New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
policy: Fix enforcement status for host endpoint #11759
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pchaigno
added
priority/release-blocker
sig/policy
Impacts whether traffic is allowed or denied based on user-defined policies.
release-note/misc
This PR makes changes that have no direct user impact.
labels
May 28, 2020
Coverage increased (+0.005%) to 36.883% when pulling ec3f873a411bf08b48f9d9590aab8d28501f2a6c on pr/pchaigno/fix-enforcement-status-host-firewall into d909b14 on master. |
aanm
reviewed
May 28, 2020
pchaigno
force-pushed
the
pr/pchaigno/fix-enforcement-status-host-firewall
branch
from
May 29, 2020 13:05
5b9ae54
to
ec3f873
Compare
Before this commit, host policy enforcement was reported as enabled as soon as policies were loaded for the host, even if the host firewall was disabled: ENDPOINT POLICY (ingress) POLICY (egress) IDENTITY LABELS (source:key[=value]) IPv6 IPv4 STATUS ENFORCEMENT ENFORCEMENT 318 Enabled Enabled 1 reserved:host ready 3423 Disabled Disabled 4 reserved:health f00d::a0f:0:0:7ba4 10.16.0.148 ready With this commit, enforcement will remain as disabled as long as the host firewall is disabled: ENDPOINT POLICY (ingress) POLICY (egress) IDENTITY LABELS (source:key[=value]) IPv6 IPv4 STATUS ENFORCEMENT ENFORCEMENT 318 Disabled Disabled 1 reserved:host ready 3423 Disabled Disabled 4 reserved:health f00d::a0f:0:0:7ba4 10.16.0.148 ready Fixes: f9c205d ("pkg/policy: Host network policies") Signed-off-by: Paul Chaignon <paul@cilium.io>
pchaigno
force-pushed
the
pr/pchaigno/fix-enforcement-status-host-firewall
branch
from
May 29, 2020 13:34
ec3f873
to
cd15279
Compare
test-me-please |
aanm
approved these changes
May 29, 2020
pchaigno
added
the
ready-to-merge
This PR has passed all tests and received consensus from code owners to merge.
label
May 30, 2020
34 tasks
pchaigno
added
the
area/host-firewall
Impacts the host firewall or the host endpoint.
label
Jul 20, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
area/host-firewall
Impacts the host firewall or the host endpoint.
ready-to-merge
This PR has passed all tests and received consensus from code owners to merge.
release-note/misc
This PR makes changes that have no direct user impact.
sig/policy
Impacts whether traffic is allowed or denied based on user-defined policies.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Before this commit, host policy enforcement was reported as "enabled" as soon as policies were loaded for the host, even if the host firewall was disabled:
With this commit, enforcement will remain as "disabled" as long as the host firewall is disabled:
Fixes: #11507