Policy recommendation scope
The policy recommendation scope is a collection of configuration options to control policy recommendation in Manager UI.
To apply changes to this resource, use the following format:
$ kubectl patch policyrecommendationscope default -p '{"spec":{"<parameter>":"<value>"}}'
Example
$ kubectl patch policyrecommendationscope default -p '{"spec":{"interval":"5m"}}'
Definition​
Metadata​
Field | Description | Accepted Values | Schema | Default |
---|---|---|---|---|
name | The name of the policy recommendation scope. | default | string |
Spec​
Field | Description | Accepted Values | Schema | Default |
---|---|---|---|---|
Interval | The frequency to create and refine policy recommendations. | 2.5m (minutes) | ||
InitialLookback | Start time to look at flow logs when first creating a policy recommendation. | 24h (hours) | ||
StabilizationPeriod | Time that a recommended policy should remain unchanged so it is stable and ready to be enforced. | 10m (minutes) |
NamespaceSpec​
Field | Description | Accepted Values | Schema | Default |
---|---|---|---|---|
recStatus | Defines the policy recommendation engine status. | Enabled/Disabled | Disabled | |
selector | Selects the namespaces for generating recommendations. | !(projectcalico.org/name starts with ''tigera-'') && !(projectcalico.org/name starts with ''calico-'') && !(projectcalico.org/name starts with ''kube-'') | ||
intraNamespacePassThroughTraffic | When true, sets all intra-namespace traffic to Pass | true/false | false |