Conversation
Codecov Report
@@ Coverage Diff @@
## master #832 +/- ##
=======================================
Coverage 34.38% 34.38%
=======================================
Files 57 57
Lines 3743 3743
=======================================
Hits 1287 1287
Misses 2311 2311
Partials 145 145
Continue to review full report at Codecov.
|
5d4e392
to
5cdd6bd
Compare
@@ -869,6 +869,8 @@ write_files: | |||
key: etcd_endpoints | |||
- name: CALICO_NETWORKING_BACKEND | |||
value: "none" | |||
- name: CLUSTER_TYPE | |||
value: "kubeaws,canal" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just for my education, are there any conventions for deciding what the value should be?
For instance, kops seems to have kops,canal
for the value, which looks consistent with this one for kube-aws.
@redbaron @camilb @danielfm @c-knowles Are you using calico on your clusters? Anyways, FYI, there are some manual steps required to maintain your network policy behave the same as before while upgrading k8s to v1.7. |
@tmjd Thank you very much for the contribution with the detailed description 👍
Yes, they should. I'm going to add a note about the changes in the release note for the next kube-aws release 👍 |
@mumoshu, thanks. Not using it here. |
+1, I enabled it, but I'm not using network policies so far. |
Same for me, enabled but with no policy configured yet. |
Update Calico to v2.4.1
network plugin: Update Calico to v2.4.1
One thing that needs to be mentioned is that this update includes a change in the default deny behavior for network policy, Calico has switched this behavior to match the move of Kubernetes NetworkPolicy to v1. You can see the release notes for Calico at https://github.com/projectcalico/calico/releases/tag/v2.4.0 (see the changes under k8s-policy).
I am looking for guidance on how the kube-aws project would like to handle this behavior change or at least know that it is expected that users should understand the changes of the components they are using.
Just to point out how this new behavior works:
Release note: