commit 26fd273cf5175ba4bdd31d6b6b777814f1a6c860
Author: Matt Peters <email address hidden>
Date: Thu May 7 14:29:02 2020 -0500
Add kube-apiserver port to calico failsafe rules
An invalid GlobalNetworkPolicy or NetworkPolicy may prevent
calico-node from communicating with the kube-apiserver.
Once the communication is broken, calico-node is no longer
able to update the policies since it cannot communicate to
read the updated policies. It can also prevent the pod
from starting since the policies will prevent it from
reading the configuration.
To ensure that this scenario does not happen, the kube-apiserver
port is being added to the failsafe rules to ensure communication
is always possible, regardless of the network policy configuration.
Reviewed: https:/ /review. opendev. org/726231 /git.openstack. org/cgit/ starlingx/ ansible- playbooks/ commit/ ?id=26fd273cf51 75ba4bdd31d6b6b 777814f1a6c860
Committed: https:/
Submitter: Zuul
Branch: master
commit 26fd273cf5175ba 4bdd31d6b6b7778 14f1a6c860
Author: Matt Peters <email address hidden>
Date: Thu May 7 14:29:02 2020 -0500
Add kube-apiserver port to calico failsafe rules
An invalid GlobalNetworkPolicy or NetworkPolicy may prevent
calico-node from communicating with the kube-apiserver.
Once the communication is broken, calico-node is no longer
able to update the policies since it cannot communicate to
read the updated policies. It can also prevent the pod
from starting since the policies will prevent it from
reading the configuration.
To ensure that this scenario does not happen, the kube-apiserver
port is being added to the failsafe rules to ensure communication
is always possible, regardless of the network policy configuration.
Change-Id: I1b065a74e7ad0b a9b1fdba4b63136 b97efbe98ce
Closes-Bug: 1877166
Related-Bug: 1877383
Signed-off-by: Matt Peters <email address hidden>