Commit cc29e1ba authored by Thong Kuah's avatar Thong Kuah

Merge branch 'cluster-applications-0-23-0' into 'master'

Update cluster-applications to 0.23.0

See merge request gitlab-org/gitlab!35691
parents ad5a179b c26fadf0
---
title: Update cluster-applications to 0.23.0
merge_request: 35691
author:
type: added
......@@ -58,12 +58,15 @@ prerequisites:
If you're using custom Helm values for Cilium, you must enable Hubble
with flow metrics for each namespace by adding the following lines to
your [Hubble values](../../clusters/applications.md#install-cilium-using-gitlab-cicd):
your [Cilium values](../../clusters/applications.md#install-cilium-using-gitlab-cicd):
```yaml
metrics:
enabled:
- 'flow:sourceContext=namespace;destinationContext=namespace'
global:
hubble:
enabled: true
metrics:
enabled:
- 'flow:sourceContext=namespace;destinationContext=namespace'
```
The **Container Network Policy** section displays the following information
......
......@@ -988,23 +988,21 @@ Major upgrades might require additional setup steps, please consult
the official [upgrade guide](https://docs.cilium.io/en/stable/install/upgrade/) for more
information.
By default, Cilium will drop all disallowed packets upon policy
deployment. The audit mode is scheduled for release in
[Cilium 1.8](https://github.com/cilium/cilium/pull/9970). In the audit
mode, disallowed packets will not be dropped, and audit
notifications will be generated instead. GitLab provides alternative Docker
images for Cilium with the audit patch included. You can switch to the
custom build and enable the audit mode by adding the following to
By default, Cilium drops all disallowed packets upon policy
deployment. In
[auditmode](https://docs.cilium.io/en/v1.8/gettingstarted/policy-creation/?highlight=policy-audit#enable-policy-audit-mode),
however, Cilium doesn't drop disallowed packets. You can use
`policy-verdict` log to observe policy-related decisions. You can
enable audit mode by adding the following to
`.gitlab/managed-apps/cilium/values.yaml`:
```yaml
global:
registry: registry.gitlab.com/gitlab-org/defend/cilium
config:
policyAuditMode: true
agent:
monitor:
eventTypes: ["drop", "audit"]
eventTypes: ["drop", "policy-verdict"]
```
The Cilium monitor log for traffic is logged out by the
......@@ -1026,22 +1024,24 @@ The [Hubble](https://github.com/cilium/hubble) monitoring daemon is
enabled by default and it's set to collect per namespace flow
metrics. This metrics are accessible on the [Threat Monitoring](../application_security/threat_monitoring/index.md)
dashboard. You can disable Hubble by adding the following to
`.gitlab/managed-apps/config.yaml`:
`.gitlab/managed-apps/cilium/values.yaml`:
```yaml
cilium:
installed: true
global:
hubble:
installed: false
enabled: false
```
You can also adjust Helm values for Hubble via
`.gitlab/managed-apps/cilium/hubble-values.yaml`:
`.gitlab/managed-apps/cilium/values.yaml`:
```yaml
metrics:
enabled:
- 'flow:sourceContext=namespace;destinationContext=namespace'
global:
hubble:
enabled: true
metrics:
enabled:
- 'flow:sourceContext=namespace;destinationContext=namespace'
```
NOTE: **Note:**
......
apply:
stage: deploy
image: "registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:v0.20.0"
image: "registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:v0.23.0"
environment:
name: production
variables:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment