Add an option to disable L3/L4 network policy correlation of flows#37986
Add an option to disable L3/L4 network policy correlation of flows#37986joestringer merged 2 commits intocilium:mainfrom
Conversation
|
Commit 070b3ad does not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
maintainer-s-little-helper
bot
added
dont-merge/needs-sign-off
github-actions
bot
added
the
kind/community-contribution
|
Commits 070b3ad, 3f79446 do not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
mereta
force-pushed
the
pr/l3l4-netpol-enrich-flag
branch
from
3f79446 to
ae35264
Compare
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-sign-off
|
Commit 4bb9c90 does not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
maintainer-s-little-helper
bot
added
the
dont-merge/needs-sign-off
mereta
force-pushed
the
pr/l3l4-netpol-enrich-flag
branch
from
4bb9c90 to
e9f6753
Compare
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-sign-off
|
Commit ed6eac4 does not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
maintainer-s-little-helper
bot
added
the
dont-merge/needs-sign-off
mereta
force-pushed
the
pr/l3l4-netpol-enrich-flag
branch
from
ed6eac4 to
f0eeedf
Compare
|
Commit ed6eac4 does not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
mereta
force-pushed
the
pr/l3l4-netpol-enrich-flag
branch
from
f0eeedf to
b9940e2
Compare
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-sign-off
anubhabMajumdar
left a comment
anubhabMajumdar
left a comment
There was a problem hiding this comment.
Can you add details about manual verification in a cluster? Thanks!
|
Thanks for the PR! Small mechanical suggestion just to help reviewers: Could you rebase + squash all the commits back into the top one? We often review commit-by-commit in the Cilium project and we don't admit merge commits into the tree (to ensure every commit compiles and simplify bisecting bugs in future). |
joestringer
added
the
release-note/minor
Thanks for the comments. Updated the PR in a separate commit :) |
|
Commit fe83438 does not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
1 similar comment
|
Commit fe83438 does not match "(?m)^Signed-off-by:". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
I need to remember to 'save all' 😅 Updated the commits now. |
gandro
left a comment
gandro
left a comment
There was a problem hiding this comment.
In terms of implementation, this looks good to me. I would recommend rewording the user exposed flag a bit though.
|
/test |
|
Re-running tests. Please avoid from rebasing unless strictly needed, as it invalidates CI results. We can restart tests without having to rebase. |
|
/test |
Gotcha. Is there anything I need to do now? |
|
The smoke tests are marked as a "Required" job to merge and there is a failure there that looks related to your PR: https://github.com/cilium/cilium/actions/runs/13951380856/job/39052000550?pr=37986#step:3:119 I would also suggest rebasing against the tip of |
squeed
left a comment
squeed
left a comment
There was a problem hiding this comment.
For consistency's sake, we call this "policy correlation" rather than enrichment. Can you adjust the variable and flag naming accordingly?
Hey! Thanks for the review! I have updated the naming throughout :) |
|
Looks good (though it needs a rebase). When things look good, comment with |
Signed-off-by: mereta <[email protected]>
Signed-off-by: mereta <[email protected]>
Rebased. Will start full test suite when images build successfully. Thanks @squeed! ☘️ |
|
/test |
2 similar comments
|
/test |
|
/test |
|
/ci-gateway-api |
|
Merged thanks! @mereta I see that the test framework did not respond to your request to run the tests. Only organization members can do this, and we do this to protect the infrastructure against abuse from the wider GitHub community. If you continue to contribute to Cilium, you might consider becoming an organization member to gain this privilege. For now we'd be happy to help you by triggering the tests. |
9 participants
Adding a config option to disable L3/L4 network policy correlation of Hubble flows.
This is enabled by default, only setting the flag to 'false' will cause a change in behavior.
the new flag can be set as such:
--set hubble.networkpolicycorrelation.enabled=falseor set in values.yaml :
.Values.hubble.networkpolicycorrelation.enabledFixes: #37528
Manual verification in a cluster:
hubble-network-policy-correlation-enabled: "false"--set hubble.networkpolicycorrelation.enabled=false