Description
See the new audit (listen-only) mode we're introducing as a follow-up to the new Container Network Security MVC released in 12.7. This will involve another upstream contribution to the Cilium project.
A
For 12.7, we were able to push out our first MVC for our container network security. We're leveraging the open source Cilium. That's what we're doing for our container network security, and the MVC was kind of the quintessential definition of minimal. We release something that you could deploy.
A
You could stand it up and tear it down and you could apply one of your own policies to it, but we didn't actually choose to go out with a default policy because we didn't want to take the risk that it might block legitimate traffic, because we, of course, we couldn't know all use cases. What's interesting about Cilium being an open source project that's fairly new is it didn't actually have a listen-only mode. It was only able to log events for traffic that had blocked. So one of the GitLab philosophies is listen first, then act.
A
Well, we couldn't really listen first, so we chose not to act. So it's just sort of a, for those of our users who are already familiar with Cilium and would feel comfortable deploying their own configurations, totally fine, and they can do that today. But we really want to get to a spot where it is a lot more seamless and automated, especially for users that may not have as good of a handle on something like that. So to have an informed default policy, we need to be able to do this listening mode or audit mode.
A
So we're gonna, more or less, try to close at this issue to deliver our audit mode for network policies. So this will be a great first step in allowing us to start, as well as our users, to certainly monitoring traffic without actually taking any action on the network, and this will inform a better set of default policies both for us and for our users and customers who are trying to use this in their environments. So really looking forward to this.