identity: Introduce reserved:unmanaged identity#5898
Merged
Conversation
Contributor
Author
|
test-me-please Legit failure due to typo in header file generation |
f87285d to
e2ac6e0
Compare
Contributor
Author
|
test-me-please |
Member
|
test-missed-k8s |
Member
|
(just to check if there's upgrade/downgrade issues) |
aanm
approved these changes
Oct 16, 2018
ianvernon
approved these changes
Oct 16, 2018
jrajahalme
approved these changes
Oct 16, 2018
Contributor
Author
|
green builds. will address feedback from @jrajahalme |
Unmanaged endpoints are curently labeled with the identity reserved:init. This change was introduced for 1.3. While reserved:init correctly implements the cluster entity and also allows to define policy. It does not provide clear visibility and does not allow to define policy for unmanaged pods without also affecting managed pods in the init phase. Introduced a new identity reserved:unmanaged to map unmanaged endpoints to instead. The numeric value for the previous cluster identity can be utilized for this purpose. There is almost a 1:1 mapping of the previous intent of the cluster entity so re-using the value will cause the least potential for disruption when upgrading from 1.2 to 1.3. Signed-off-by: Thomas Graf <thomas@cilium.io>
e2ac6e0 to
4230413
Compare
Contributor
Author
|
test-me-please |
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Unmanaged endpoints are currently labeled with the identity reserved:init. This
change was introduced for 1.3. While reserved:init correctly implements the
cluster entity and also allows to define policy. It does not provide clear
visibility and does not allow to define policy for unmanaged pods without also
affecting managed pods in the init phase.
Introduced a new identity reserved:unmanaged to map unmanaged endpoints to
instead. The numeric value for the previous cluster identity can be utilized
for this purpose. There is almost a 1:1 mapping of the previous intent of the
cluster entity so re-using the value will cause the least potential for
disruption when upgrading from 1.2 to 1.3.
This change is