WIP: CIDR allow list for API server access #1419
✅ Deploy Preview for hypershift-docs ready!
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: sjenning
This lgtm, I assume it's WIP because you're still testing it?
WIP because I need to add a rule that is always present for private clusters to allow nodes access over PrivateLink
@sjenning: The following tests failed, say
This is a dead end. NetworkPolicies are not a suitable mechanism for this with the SNATing that occurs for off cluster traffic.
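Added example (not part of the PR or the HyperShift code base): a small Python model of why source-CIDR matching fails once off-cluster traffic is SNATed, as the comment above describes. All addresses are constructed, and it assumes the policy engine sees the rewritten source address rather than the client's.

```python
import ipaddress

# Constructed sample values (documentation and private ranges), not from the PR.
ALLOWED_CIDRS = ["203.0.113.0/24"]  # intended allow list for API server clients
SNAT_ADDRESS = "10.0.12.7"          # assumed node/LB address that rewrites the source


def ipblock_allows(source_ip, cidrs):
    """Source-CIDR match, the way an ipBlock-style rule evaluates a packet."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def source_seen_by_policy(client_ip, snat):
    """Address visible at policy evaluation; SNAT replaces the client address."""
    return SNAT_ADDRESS if snat else client_ip


def evaluate(client_ip, cidrs, snat):
    """Decision for one client, with or without SNAT on the path."""
    return ipblock_allows(source_seen_by_policy(client_ip, snat), cidrs)


def demo():
    trusted, untrusted = "203.0.113.25", "198.51.100.9"
    # "Fixing" the list by allowing the SNAT address admits every client behind it.
    widened = ALLOWED_CIDRS + [SNAT_ADDRESS + "/32"]
    return {
        "trusted_no_snat": evaluate(trusted, ALLOWED_CIDRS, snat=False),
        "untrusted_no_snat": evaluate(untrusted, ALLOWED_CIDRS, snat=False),
        "trusted_snat": evaluate(trusted, ALLOWED_CIDRS, snat=True),
        "untrusted_snat": evaluate(untrusted, ALLOWED_CIDRS, snat=True),
        "trusted_snat_widened": evaluate(trusted, widened, snat=True),
        "untrusted_snat_widened": evaluate(untrusted, widened, snat=True),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:24} -> {'allow' if allowed else 'deny'}")
```

With SNAT on the path the rule can only deny everyone or, once the translated address is allowed, admit everyone, so the allow list no longer distinguishes clients.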
What this PR does / why we need it:
Implements CIDR allow list for API server access
https://issues.redhat.com/browse/HOSTEDCP-240
WIP: Still need to figure out the private address range the nodes use to connect over PrivateLink so we can always allow that.
Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #