Comment 2 for bug 1877383
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Related fix merged to ansible-playbooks (master) | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Reviewed: https:/
Committed: https:/
Submitter: Zuul
Branch: master
commit 26fd273cf5175ba
Author: Matt Peters <email address hidden>
Date: Thu May 7 14:29:02 2020 -0500
Add kube-apiserver port to calico failsafe rules
An invalid GlobalNetworkPolicy or NetworkPolicy may prevent
calico-node from communicating with the kube-apiserver.
Once the communication is broken, calico-node is no longer
able to update the policies since it cannot communicate to
read the updated policies. It can also prevent the pod
from starting since the policies will prevent it from
reading the configuration.
To ensure that this scenario does not happen, the kube-apiserver
port is being added to the failsafe rules to ensure communication
is always possible, regardless of the network policy configuration.
Change-Id: I1b065a74e7ad0b
Closes-Bug: 1877166
Related-Bug: 1877383
Signed-off-by: Matt Peters <email address hidden>