You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This feature enables applying CIDR block policies to node IPs which is helpful for configuring network policies that allow access to the kubernetes API. Currently to enable this you have to manually edit the cilium config in cluster, and it would better if it could be configured via the cluster definition.
Some example services that need this are metrics-server and prometheus. If you have ip based network policies configured to grant access to the kube API, the pods for these services fail to startup because they can't reach the API.
The text was updated successfully, but these errors were encountered:
What would you like to be added:
Configuring the policyCIDRMatchMode setting for Cilium via the Cluster resource cniConfig. Example:
Why is this needed:
By default Cilium doesn't apply CIDR block network policies to IPs internal to the cluster.
This feature enables applying CIDR block policies to node IPs which is helpful for configuring network policies that allow access to the kubernetes API. Currently to enable this you have to manually edit the cilium config in cluster, and it would better if it could be configured via the cluster definition.
Some example services that need this are metrics-server and prometheus. If you have ip based network policies configured to grant access to the kube API, the pods for these services fail to startup because they can't reach the API.
The text was updated successfully, but these errors were encountered: