[question] Why is host network and path /var/lib/calico required by the operator? #1419
Comments
Operator is the one installing Calico, and until that happens there is no pod-network. i.e. operator has to run host-networked to avoid a chicken-and-egg scenario (there's no pod-network until it runs, but it can't run because there's no pod-network). I'll leave someone else to answer the part about /var/lib/calico
Thanks @lwr20, does that mean it's only required when Calico is going to be the CNI then?
The You might be able to remove host-networked from operator but we don't test that. You'd also want to make sure that you don't cut off tigera-operator traffic with NetworkPolicy, since its now being pod-networked would make it subject to network policy.
Thanks @tmjd that makes sense.
I don't think there are any more questions to answer here so I'm going to close this issue.
I'm currently moving over from the legacy EKS Helm charts Calico implementation in favour of using the operator and I'm interested as to why the operator needs to be on the host network as well as have access to /var/lib/calico on the host?