Skip to content

cilium-cli: add clustermesh inspect-policy-default-local-cluster cmd #39828

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 11, 2025
Merged

cilium-cli: add clustermesh inspect-policy-default-local-cluster cmd #39828

merged 2 commits into from
Jun 11, 2025

Conversation

MrFreezeex
Copy link
Member

@MrFreezeex MrFreezeex commented Jun 1, 2025
edited
Loading

Add a new cilium-cli command to prepare for the policy-default-local-cluster migration, followup to the main PR #39338.

The policy-default-local-cluster will change behavior of all network polciies to by default select the local cluster unless explictily specified (currently documented here https://docs.cilium.io/en/latest/network/clustermesh/policy/#allowing-specific-communication-between-clusters).

This new command will most likely get documented into some upgrade guide docs once we have determined when policy-default-local-cluster will be turned on by default.

The current output look like this:

❯ ./cilium clustermesh prepare-policy-default-local-cluster -A
⚠️ CiliumNetworkPolicy 2/3
        ✅ default/allow-cross-cluster
        ✅ default/allow-cross-cluster-any
        ⚠️ kube-system/allow-cross-cluster-test

✅ CiliumClusterWideNetworkPolicy 0/0

✅ NetworkPolicy 0/0

cilium-cli: add clustermesh inspect-policy-default-local-cluster command

Related to #36194 / #36194 (comment)

@MrFreezeex MrFreezeex requested review from a team as code owners June 1, 2025 21:37
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jun 1, 2025
@MrFreezeex MrFreezeex requested a review from asauber June 1, 2025 21:37
@github-actions github-actions bot added cilium-cli This PR contains changes related with cilium-cli cilium-cli-exclusive This PR only impacts cilium-cli binary labels Jun 1, 2025
@MrFreezeex MrFreezeex added release-note/minor This PR changes functionality that users may find relevant to operating Cilium. and removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Jun 1, 2025
@MrFreezeex
Copy link
Member Author

/test

@MrFreezeex MrFreezeex added the area/clustermesh Relates to multi-cluster routing functionality in Cilium. label Jun 1, 2025
@MrFreezeex MrFreezeex force-pushed the cli-list-policy-local-change branch from a109e73 to 4c4fe44 Compare June 1, 2025 21:56
@MrFreezeex
Copy link
Member Author

/test

giorio94
giorio94 reviewed Jun 3, 2025
View reviewed changes
Copy link
Member

@giorio94 giorio94 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! A couple of comments inline

@MrFreezeex MrFreezeex marked this pull request as draft June 3, 2025 16:54
@MrFreezeex MrFreezeex force-pushed the cli-list-policy-local-change branch 4 times, most recently from 41d60b2 to 309f0f0 Compare June 5, 2025 19:58
@MrFreezeex
Copy link
Member Author

/test

@MrFreezeex
cilium-cli: add ListSlimNetworkPolicies in k8s client
376af5b 
Add list slim objects Network policies method to cilium-cli to prepare for a
new command to help with the policy-default-local-cluster migration.

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
@MrFreezeex MrFreezeex force-pushed the cli-list-policy-local-change branch from 309f0f0 to a3f3da4 Compare June 5, 2025 20:36
@MrFreezeex
Copy link
Member Author

/test

@MrFreezeex MrFreezeex marked this pull request as ready for review June 5, 2025 20:38
@MrFreezeex MrFreezeex removed request for a team and christarazi June 5, 2025 20:38
@MrFreezeex MrFreezeex requested a review from giorio94 June 5, 2025 20:39
@MrFreezeex MrFreezeex force-pushed the cli-list-policy-local-change branch from a3f3da4 to b5aa229 Compare June 5, 2025 20:46
@MrFreezeex
Copy link
Member Author

/test

asauber
asauber approved these changes Jun 9, 2025
View reviewed changes
Copy link
Member

@asauber asauber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Logic looks good to me. Can we call this "inspect-policy-default-local-cluster" or similar? The verb "prepare" to me implies that this will modify my policy.

@MrFreezeex MrFreezeex force-pushed the cli-list-policy-local-change branch from b5aa229 to 7396a85 Compare June 9, 2025 09:22
giorio94
giorio94 reviewed Jun 9, 2025
View reviewed changes
@MrFreezeex
cilium-cli: add clustermesh inspect-policy-default-local-cluster cmd
d670815 
Add a new command to inspect for the policy-default-local-cluster
migration.

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
@MrFreezeex MrFreezeex force-pushed the cli-list-policy-local-change branch from 7396a85 to d670815 Compare June 9, 2025 09:42
@MrFreezeex MrFreezeex requested a review from giorio94 June 9, 2025 09:44
@MrFreezeex MrFreezeex changed the title cilium-cli: add clustermesh prepare-policy-default-local-cluster cmd cilium-cli: add clustermesh inspect-policy-default-local-cluster cmd Jun 9, 2025
giorio94
giorio94 approved these changes Jun 9, 2025
View reviewed changes
Copy link
Member

@giorio94 giorio94 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@MrFreezeex
Copy link
Member Author

/test

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 11, 2025
@giorio94 giorio94 enabled auto-merge June 11, 2025 07:02
@giorio94 giorio94 added this pull request to the merge queue Jun 11, 2025
Merged via the queue into cilium:main with commit c2c3ce9 Jun 11, 2025
89 of 92 checks passed
@HadrienPatte HadrienPatte mentioned this pull request Jul 1, 2025
Closed
@MrFreezeex MrFreezeex mentioned this pull request Jul 7, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asauber asauber asauber approved these changes

@youngnick youngnick youngnick approved these changes

@giorio94 giorio94 giorio94 approved these changes

Assignees
No one assigned
Labels
area/clustermesh Relates to multi-cluster routing functionality in Cilium. cilium-cli This PR contains changes related with cilium-cli cilium-cli-exclusive This PR only impacts cilium-cli binary ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@MrFreezeex @asauber @youngnick @giorio94