Open
Conversation
e57866f to
0882fd0
Compare
This comment was marked as outdated.
This comment was marked as outdated.
0882fd0 to
c23ef68
Compare
- Add sync-wave annotation and background field to Kyverno policy so it deploys correctly via ArgoCD - Remove non-discriminating backend-to-cache connectivity validator (HTTP against Redis always returns status 0 regardless of connectivity) - Rewrite initialSituation to avoid spoiling NetworkPolicies as root cause Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ge and backend stability - Extend Kyverno UPDATE deny rules to backend-policy and cache-policy, closing the two remaining bypass paths (previously only gateway-policy was protected); error message on backend-policy hints at additive NetworkPolicy approach - Add backend-service-identity validation (condition check on tier=backend label) to surface partial progress when one fix is applied before the other - Decouple backend HTTP server from cache check loop: cache probe runs in background with sleep 5, HTTP listener runs in a dedicated foreground loop, eliminating timing-dependent flakiness on gateway-to-backend validation - Soften intermediate validation description from "tier-based routing" to "required by the network layer" to avoid hinting at the fix mechanism - Update description and initialSituation to signal multiple simultaneous changes without revealing root causes Score improved from 14/20 to 19/20 (Pass) across two review iterations. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…eployment Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… bypass Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…eutralize description - Convert Policy to ClusterPolicy (cluster-scoped, not deletable by namespaced users) - Add namespace scoping to all ClusterPolicy rules - Backend HTTP server returns 503 when cache unreachable (gateway-to-backend fails in broken state) - backend-service-identity uses Initialized instead of Ready to preserve intermediate signal - Neutralize backend-service-identity description Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.