Skip to main content
Calico Cloud documentation

Policy recommendation scope

The policy recommendation scope is a collection of configuration options to control policy recommendation in Manager UI.

To apply changes to this resource, use the following format:

$ kubectl patch policyrecommendationscope default -p '{"spec":{"<parameter>":"<value>"}}'

Example

$ kubectl patch policyrecommendationscope default -p '{"spec":{"interval":"5m"}}'

Definition

Metadata

FieldDescriptionAccepted ValuesSchemaDefault
nameThe name of the policy recommendation scope.defaultstring

Spec

FieldDescriptionAccepted ValuesSchemaDefault
IntervalThe frequency to create and refine policy recommendations.2.5m (minutes)
InitialLookbackStart time to look at flow logs when first creating a policy recommendation.24h (hours)
StabilizationPeriodTime that a recommended policy should remain unchanged so it is stable and ready to be enforced.10m (minutes)

NamespaceSpec

FieldDescriptionAccepted ValuesSchemaDefault
recStatusDefines the policy recommendation engine status.Enabled/DisabledDisabled
selectorSelects the namespaces for generating recommendations.!(projectcalico.org/name starts with ''tigera-'') && !(projectcalico.org/name starts with ''calico-'') && !(projectcalico.org/name starts with ''kube-'')
intraNamespacePassThroughTrafficWhen true, sets all intra-namespace traffic to Passtrue/falsefalse