You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is not needed for ipp=true node label (v0.1.1).
Even if a compromised node modifies the label, the node can't get unexpected pods to be scheduled, because the node is still tainted with ipp=true:NoSchedule, and the node can't modify the taint since Kubernetes v1.11
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-isolation-restriction
The text was updated successfully, but these errors were encountered: