wireguard: unconditionally add NodeInternalIPs to allowed IPs
[ upstream commit 1eb12e0 ]

Currently, we add the remote NodeInternalIPs to the list of allowed IPs associated with a given WireGuard peer only in certain circumstances, and more specifically when either tunneling or node to node encryption are enabled. However, this logic doesn't practically buy us anything in terms of additional security, but causes potential traffic disruption in case users want to enable/disable node2node encryption in a running cluster. Hence, let's just get rid of it, and unconditionally add NodeInternalIPs to the list of allowed IPs.

Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
1 parent 9610c09, commit 580a481
Showing 2 changed files with 18 additions and 22 deletions.