qinling/devstack
Lingxian Kong 6e56154652 Remove the network policy creation in k8s orchestrator
Previously, the network policy(based on ipBlock) is created during k8s
orchestrator initialization to restrict the function pod access from
outside.

However, the network policy is actually designed to use inside the k8s
cluster, it doesn't make sense to define the network policy in order to
restrict the inbound traffic from outside. A typical example is when
Calico is used as network plugin in the k8s cluster, the source IP
address from the pod's perspective is coming from the worker node rather
than the original IP address of outside.

We need to remove the network policy creation for now and leave that
part of security concerns to the future design.

The config option `CONF.kubernetes.trusted_cidrs` is deprecated for
removal.

Change-Id: I91905ba36b36f152a987ce2b742de33e423ed2db
Story: #2005777
Task: #33500
Story: #2005710
Task: #31036
2019-05-27 13:27:40 +12:00
..
plugin.sh Remove the network policy creation in k8s orchestrator 2019-05-27 13:27:40 +12:00
settings Remove the network policy creation in k8s orchestrator 2019-05-27 13:27:40 +12:00