Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

calico policy artifacts source of truth validation #124

Open
onlysource opened this issue Apr 12, 2021 · 3 comments
Open

calico policy artifacts source of truth validation #124

onlysource opened this issue Apr 12, 2021 · 3 comments
Assignees
@sujeetch
Labels
design needed Requires design approach/discussion enhancement New feature or request priority/low Items that are considered non-critical for functionality, such as quality of life improvements size l 5-7+ days [multiple functional areas; complex function or capability, or multiple PSs]
Milestone
Future

Comments

@onlysource
Copy link

onlysource commented Apr 12, 2021
edited
Loading

Problem description (if applicable)
In order to protect the environment, pre-determined calico policies will need to be in place, as desired. For any un-planned/un-tested/accidental policy changes locally, could lead to potential disruption in the environment, leading to service-denial or intrusions.

Proposed change
Develop a tool, that could validate/compare local user input (policies) with the deployment repository. This tool can be called when applying the calico policies via airshipctl (with calicoctl image integrated). Creating a daemon process that would run this tool frequently and logs warning/alerts is valuable. Although, network connectivity constraints to reach 'deployment repository' will need to be considered for this effort.

Potential impacts
Unintended accidental policy updates/changes could cause environment unusable.
@onlysource onlysource added enhancement New feature or request triage labels Apr 12, 2021
@jezogwza jezogwza added 2-Manifests Relates to manifest/document set related issues design needed Requires design approach/discussion triage and removed triage 2-Manifests Relates to manifest/document set related issues labels Apr 21, 2021
@jezogwza jezogwza added this to the v2.1 milestone Apr 21, 2021
@jezogwza jezogwza removed the triage label Apr 21, 2021
@sujeetch
Copy link

Please assign to me

@eak13
Copy link

eak13 commented May 12, 2021

All yours.

@lb4368 lb4368 added the size l 5-7+ days [multiple functional areas; complex function or capability, or multiple PSs] label May 14, 2021
@eak13 eak13 modified the milestones: v2.1, Future May 19, 2021
@eak13 eak13 added the priority/low Items that are considered non-critical for functionality, such as quality of life improvements label May 19, 2021
@michaelfix
Copy link

Related PS: https://review.opendev.org/c/airship/treasuremap/+/793094

@jezogwza jezogwza modified the milestones: Future, v2.1 Jul 7, 2021
@onlysource onlysource changed the title Cleanup calico policy stale artifacts calico policy artifacts source of truth validation Jul 14, 2021
@lb4368 lb4368 modified the milestones: v2.1, Future Oct 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sujeetch sujeetch

Labels
design needed Requires design approach/discussion enhancement New feature or request priority/low Items that are considered non-critical for functionality, such as quality of life improvements size l 5-7+ days [multiple functional areas; complex function or capability, or multiple PSs]
Projects
None yet
Milestone
Future
Development

No branches or pull requests
6 participants
@onlysource @lb4368 @michaelfix @eak13 @jezogwza @sujeetch