6e56154652
Previously, the network policy (based on ipBlock) was created during k8s orchestrator initialization to restrict the function pod access from outside. However, the network policy is actually designed to be used inside the k8s cluster; it doesn't make sense to define the network policy in order to restrict the inbound traffic from outside. A typical example is when Calico is used as the network plugin in the k8s cluster: the source IP address from the pod's perspective is coming from the worker node rather than the original IP address of outside.

We need to remove the network policy creation for now and leave that part of security concerns to the future design.

The config option `CONF.kubernetes.trusted_cidrs` is deprecated for removal.

Change-Id: I91905ba36b36f152a987ce2b742de33e423ed2db
Story: #2005777
Task: #33500
Story: #2005710
Task: #31036

plugin.sh
settings