New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Doc for all-interfaces host endpoints #2232

Merged
merged 2 commits into from Oct 19, 2018

Conversation

Projects
None yet
2 participants
@neiljerram
Copy link
Member

neiljerram commented Oct 15, 2018

Todos

  • Release note

Release Note

A new flavor of HostEndpoint allows protecting the host as a whole, including from any workloads running on it.  So far, pre-DNAT policy is implemented by such endpoints.
[1] https://docs.projectcalico.org/master/getting-started/bare-metal/policy/pre-dnat

@neiljerram neiljerram force-pushed the neiljerram:hep-all-traffic branch from 78fbc0c to 491339d Oct 15, 2018

@neiljerram neiljerram requested a review from caseydavenport Oct 17, 2018

@caseydavenport caseydavenport added this to the Calico v3.4.0 milestone Oct 18, 2018

@@ -3,14 +3,27 @@ title: Host Endpoint Resource (HostEndpoint)
canonical_url: 'https://docs.projectcalico.org/v3.2/reference/calicoctl/resources/hostendpoint'
---

A host endpoint resource (`HostEndpoint`) represents an interface attached to a host that is running {{site.prodname}}.
Host endpoint resources (`HostEndpoint`) come in two flavors.

This comment has been minimized.

@caseydavenport

caseydavenport Oct 18, 2018

Member

I'm not sure if this is the right characterization of host endpoints, or at least not how I was imagining we'd represent it.

Rather than say there are two flavors, I feel it might be simpler / easier to understand if we say something like this:

  • "A host endpoint resource represents one or more real or virtual interfaces attached to a host that is running Calico"

Then, we talk about how the various ways you can specify which interfaces it represents:

  • By declaring specific IP addresses.
  • By declaring a specific interface name.
  • By selecting all interfaces on the host.

WDYT? The current wording doesn't seem wrong, but perhaps is harder to reason about, and loses the high-level "What does a host endpoint represent?" messaging.

This comment has been minimized.

@neiljerram

neiljerram Oct 19, 2018

Member

OK, fine, let me see if I can rework along those lines...

@neiljerram

This comment has been minimized.

Copy link
Member

neiljerram commented Oct 19, 2018

@caseydavenport How does that look?

@neiljerram neiljerram merged commit 8af54e8 into projectcalico:master Oct 19, 2018

2 checks passed

license/cla Contributor License Agreement is signed.
Details
semaphoreci The build passed on Semaphore.
Details

@neiljerram neiljerram deleted the neiljerram:hep-all-traffic branch Oct 19, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment