Policy recommendation scope
The policy recommendation scope is a collection of configuration options to control policy recommendation in Manager UI.
To apply changes to this resource, use the following format:
$ kubectl patch policyrecommendationscope default -p '{"spec":{"<parameter>":"<value>"}}'
Example
$ kubectl patch policyrecommendationscope default -p '{"spec":{"interval":"5m"}}'
Definition
Metadata
| Field | Description | Accepted Values | Schema | Default |
|---|---|---|---|---|
| name | The name of the policy recommendation scope. | default | string |
Spec
| Field | Description | Accepted Values | Schema | Default |
|---|---|---|---|---|
| Interval | The frequency to create and refine policy recommendations. | 2.5m (minutes) | ||
| InitialLookback | Start time to look at flow logs when first creating a policy recommendation. | 24h (hours) | ||
| StabilizationPeriod | Time that a recommended policy should remain unchanged so it is stable and ready to be enforced. | 10m (minutes) |
NamespaceSpec
| Field | Description | Accepted Values | Schema | Default |
|---|---|---|---|---|
| recStatus | Defines the policy recommendation engine status. | Enabled/Disabled | Disabled | |
| selector | Selects the namespaces for generating recommendations. | !(projectcalico.org/name starts with ''tigera-'') && !(projectcalico.org/name starts with ''calico-'') && !(projectcalico.org/name starts with ''kube-'') | ||
| intraNamespacePassThroughTraffic | When true, sets all intra-namespace traffic to Pass | true/false | false |