calico icon indicating copy to clipboard operation
calico copied to clipboard

Published 20 hours ago verified publisher icon projectcalico

Ability to check network policies syntax using calicoctl dry-run

Open hahasheminejad opened this issue 4 years ago • 3 comments

Expected Behavior

Just wondering if a --dry-run option or anything similar is available for networkpolicy and globalnetworkpolicy kinds to check the validity of policies before applying.

The idea is to have a step in our pipeline for each PR to check the syntax/validity of rules before applying to the cluster.

Current Behavior

Possible Solution

Having --dry-run option for network policies.

Steps to Reproduce (for bugs)

Context

Your Environment

  • calicoctl version (e.g. calicoctl version):
  • calico/node version (e.g. docker run --rm calico/node versions)
  • Orchestrator type and version (e.g. kubernetes, mesos, rkt):
  • Operating System and version:
  • Link to your project (optional):

hahasheminejad avatar Apr 14 '20 12:04 hahasheminejad

This is a neat idea. I don't think we have anything like that right now, but a --dry-run or a --validate option would be really useful.

caseydavenport avatar Apr 23 '20 21:04 caseydavenport

I am looking into taking this on and trying to contribute! I am not entirely sure if this is the right process but I thought I would document that I am looking into this issue! :D

nuxeric avatar Jul 01 '20 23:07 nuxeric

+1

der-ali avatar Aug 02 '22 13:08 der-ali