-
Notifications
You must be signed in to change notification settings - Fork 138
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
waf integration fixes / improvements #3158
waf integration fixes / improvements #3158
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM from WAF perspective and the changes we want to see with ruleset files.
19fe9e8
to
1680921
Compare
1680921
to
dc32783
Compare
Could you explain a bit further about this?
Primarily I'm wondering if this has impact on clusters that don't have internet access. Another way to ask what I'm curious about is, how does dikastes fetch the ruleset data that is being removed in this PR? Another thing I'm curious about, does this change what happens during upgrades? I think before this PR the ruleset gets installed/cached and then with future updates the existing ruleset would be used (I'm not sure about this behavior but it would match the behavior I usually expect with the operator). My thinking is that now if dikastes is fetching this data (or it is builtin) then I would think the data could change/update when upgrading. |
@tmjd sorry for the confusion, I typically call it API because it's an 'application programming interface' within the code.. not necessarily an API endpoint. in this case I meant to say that it that just means that in dikastes we're just loading the file directly instead of using a from
to
|
I discussed this a bit with @electricjesus and the intention is that when a user upgrades the ruleset will be updated along with the upgrade. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Description
This PR changes how coreruleset rules are delivered as part of the WAF integration
tigera.conf
For PR author
make gen-files
make gen-versions
For PR reviewers
A note for code reviewers - all pull requests must have the following:
kind/bug
if this is a bugfix.kind/enhancement
if this is a a new feature.enterprise
if this PR applies to Calico Enterprise only.