CFP: Add serviceaccount label in the default labels list #36923
Open
Description
Is your proposed feature related to a problem?
When using the following including label docs to configure the labels, the label io.cilium.k8s.policy.serviceaccount is not included by default, which will cause the cilium connectivity test fails and we have to include this label manually.
Describe the feature you'd like
Since cilium generates io.cilium.k8s.policy.serviceaccount by default all the endpoints as the following output shows, we should also include this label as the default label in the labelfilter pkg like #31178 does since this should be considered as the cilium internal implementation.
root@kind-worker2:/home/cilium# cilium-dbg endpoint list
ENDPOINT POLICY (ingress) POLICY (egress) IDENTITY LABELS (source:key[=value]) IPv6 IPv4 STATUS
ENFORCEMENT ENFORCEMENT
393 Disabled Disabled 1 reserved:host ready
1965 Disabled Disabled 65293 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system 192.168.1.98 ready
k8s:io.cilium.k8s.policy.cluster=kind-kind
k8s:io.cilium.k8s.policy.serviceaccount=coredns
k8s:io.kubernetes.pod.namespace=kube-system
Please assign to me if this is considered as the issue and I will work on the PR