Allow enable calico floatingIPs feature #9679
Labels
kind/bug
Categorizes issue or PR as related to a bug.
Comments
MatthieuFin
added a commit
to MatthieuFin/kubespray
that referenced
this issue
Jan 17, 2023
Add a variable `calico_felix_floatingIPs` which permit to enable calico feature `floatingIPs` (disabled per default). kubernetes-sigs#9679
MatthieuFin
added a commit
to MatthieuFin/kubespray
that referenced
this issue
Jan 18, 2023
Add a variable `calico_felix_floatingIPs` which permit to enable calico feature `floatingIPs` (disabled per default). Signed-off-by: MatthieuFin <matthieu2717@gmail.com> kubernetes-sigs#9679
enneitex
pushed a commit
to enneitex/kubespray
that referenced
this issue
Jan 25, 2023
…ubernetes-sigs#9680) Add a variable `calico_felix_floatingIPs` which permit to enable calico feature `floatingIPs` (disabled per default). Signed-off-by: MatthieuFin <matthieu2717@gmail.com> kubernetes-sigs#9679
HoKim98
pushed a commit
to ulagbulag/kubespray
that referenced
this issue
Mar 8, 2023
…ubernetes-sigs#9680) Add a variable `calico_felix_floatingIPs` which permit to enable calico feature `floatingIPs` (disabled per default). Signed-off-by: MatthieuFin <matthieu2717@gmail.com> kubernetes-sigs#9679
nolimitkun
pushed a commit
to nolimitkun/kubespray
that referenced
this issue
Mar 19, 2023
…ubernetes-sigs#9680) Add a variable `calico_felix_floatingIPs` which permit to enable calico feature `floatingIPs` (disabled per default). Signed-off-by: MatthieuFin <matthieu2717@gmail.com> kubernetes-sigs#9679
pedro-peter
pushed a commit
to pedro-peter/kubespray
that referenced
this issue
May 8, 2024
…ubernetes-sigs#9680) Add a variable `calico_felix_floatingIPs` which permit to enable calico feature `floatingIPs` (disabled per default). Signed-off-by: MatthieuFin <matthieu2717@gmail.com> kubernetes-sigs#9679
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I am upgrading our network plugin Calico from v3.21 to v3.22. But since v3.22.2
floatingIPsfeature is disabled by default in Calico due to a vulnerability.We need this feature to advertise our "public" outgoing IPs from some pods. To mitigate the vulnerability we are using
OPA Gatekeeperto whitelist our allowed pod to advertise authorized IP addresses.Unfortunately kubespray don't support to specify this option, so for now i have to manually override this value after kubespray run. I whish to add this value support directly in kubespray Calico plugin role.
Environment:
Cloud provider or hardware configuration:
baremetal
OS (
printf "$(uname -srm)\n$(cat /etc/os-release)\n"):Linux 5.4.0-126-generic x86_64
Ubuntu 20.04.5 LTS (Focal Fossa)
Version of Ansible (
ansible --version):ansible [core 2.14.1]
Version of Python (
python --version):Python 3.10.9
Kubespray version (commit) (
git rev-parse --short HEAD):v2.19.1 453dbce
Network plugin used:
Calico CNI
Full inventory with variables (
ansible -i inventory/sample/inventory.ini all -m debug -a "var=hostvars[inventory_hostname]"):Command used to invoke ansible:
ansible-playbook -b --become-method su --ask-vault-pass --user $USER -i ../inventory.yml upgrade-cluster.yml --skip-tags=k8s-gen-certs,k8s-gen-tokens,etcd-secrets
Output of ansible run:
Anything else do we need to know:
The text was updated successfully, but these errors were encountered: