Kornilios Kourtis

From my side, after thinking about it, I think I would still prefer having it explicit. Is your motivation for suggesting the implicit approach purely ergonomic? Or is there something...

> I'm trying to figure out what is the right behavior is for when we cannot resolve due to a NULL pointer. My current approach is to indicate there was...

Hi, I think the issue is pretty obvious so I don't think there is a reason for a reproduction. One thing to note is that the limitation does not include...

@Andreagit97 thanks for posting this issue! The scalability problem that you are describing is definitely something we are aware of, and have been thinking about :) I'll try to find...

> In my above example, I imagine a shared tracing policy (a sort of security profile) where podSelector are mutually exclusive. I guess my point was that that's not how...

I still feel that this does not address my concern in https://github.com/cilium/tetragon/issues/4191#issuecomment-3415576691. What happens if the user writes: ```yaml apiVersion: cilium.io/v1alpha1 kind: ForEachWorkloadPolicyValues metadata: name: "values-1" spec: refPolicy: "block-not-allowed-process" selector:...

> I'll try to find some time to write more of my thoughts down, but before that I wanted to note two things. Another approach for solving the same issue...

As commented on https://github.com/cilium/tetragon/pull/4279#issuecomment-3479398152, I would suggest writing a CFP for this (https://github.com/cilium/design-cfps). We can enumerate the different approaches both from the interface side (CRDs) but also the implementation. Indeed,...

> In this case, what happens in the current PoC is that Tetragon logs a warning and overwrites the previous policy with the last one deployed I would argue that...

> > Not sure what the proper process would be, but maybe something like https://github.com/kkourt/tetragon-scalability-cfp would work? I've sent an invitation to the repo, and we can, of course, add...