Skip to main content
Calico Enterprise 3.19 (latest) documentation

Policy recommendation scope

The policy recommendation scope is a collection of configuration options to control policy recommendation in Manager UI.

To apply changes to this resource, use the following format:

$ kubectl patch policyrecommendationscope default -p '{"spec":{"<parameter>":"<value>"}}'

Example

$ kubectl patch policyrecommendationscope default -p '{"spec":{"interval":"5m"}}'

Definition​

Metadata​

FieldDescriptionAccepted ValuesSchemaDefault
nameThe name of the policy recommendation scope.defaultstring

Spec​

FieldDescriptionAccepted ValuesSchemaDefault
IntervalThe frequency to create and refine policy recommendations.2.5m (minutes)
InitialLookbackStart time to look at flow logs when first creating a policy recommendation.24h (hours)
StabilizationPeriodTime that a recommended policy should remain unchanged so it is stable and ready to be enforced.10m (minutes)

NamespaceSpec​

FieldDescriptionAccepted ValuesSchemaDefault
recStatusDefines the policy recommendation engine status.Enabled/DisabledDisabled
selectorSelects the namespaces for generating recommendations.!(projectcalico.org/name starts with ''tigera-'') && !(projectcalico.org/name starts with ''calico-'') && !(projectcalico.org/name starts with ''kube-'')
intraNamespacePassThroughTrafficWhen true, sets all intra-namespace traffic to Passtrue/falsefalse