Comments (5)
tmjd
commented on August 11, 2024
As a work around for you right now you should be able to set the CIDRs in the Installation resource to match the kubeadm configuration. This will be fine because the operator currently does not reconcile the IPPools defined in the Installation resource with the existing IPPools, so since the default IPPools are already created, it will not try to change/add/update the existing IPPools.
You should make sure the IPPools you define in the Installation resource do match the existing IPPools fields encapsulation and natOutgoing fields.
from operator.
caseydavenport
commented on August 11, 2024
This will be more important long term as well. Kubernetes is adding the ability to have multiple cluster CIDRs in the near future, so we'll need to keep our logic insync with that.
Might be worth converting this to a warning sooner rather than later, and stop blocking the operator from doing its work. I don't think we have a great mechanism to implement that right now, but it would be useful.
from operator.
tmjd
commented on August 11, 2024
I'm not sure where we could put a warning that the user would see. Is this a use case for adding another "tigerastatus" column/field that would report this issue but nothing would be blocked on it?
I feel like this wouldn't be noticed then unless there was some other issue, but maybe that would be good enough to give the user a pointer to what might be wrong in the case of something else being broken.
from operator.
taxilian
commented on August 11, 2024
What issues does it actually cause?
Being the ignorant sap that I was I set up my cluster in such a way that I
can't resolve this problem without rebuilding the full cluster, so I've
been operating for some time with my ippools all outside the cluster pod
CIDR -- I would probably have seen a warning in a tigerastatus update if it
were there, but otherwise you're right I wouldn't have seen anything,
partly because so far it's all working reasonably fine. I do sometimes have
an odd issue, which might or might not be related to this.
Anyway, not saying that it isn't a problem, but it's clearly not a "end of
all things" type issue so it does not seem like it should prevent upgrade
or install.
…On Wed, Dec 15, 2021 at 11:50 AM Erik Stidham ***@***.***> wrote:
I'm not sure where we could put a warning that the user would see. Is this
a use case for adding another "tigerastatus" column/field that would report
this issue but nothing would be blocked on it?
I feel like this wouldn't be noticed then unless there was some other
issue, but maybe that would be good enough to give the user a pointer to
what might be wrong in the case of something else being broken.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1512 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABWYTT6YCMQZY2RKTMV66LURDPQXANCNFSM5DZ5IJDQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
from operator.
tmjd
commented on August 11, 2024
What issues does it actually cause?
The issues that would happen is that traffic may get NAT'ed when it shouldn't be which would cause problems with policy not applying correctly (block traffic that should be allowed but since it is coming from an unexpected IP it is blocked).
from operator.
Related Issues (20)
- Support configuration of securityContext on calico installations HOT 1
- Blocking traffic to other service like to RDS, from LB in AWS HOT 2
- Duplicate FELIX_HEALTHPORT environment variable causing problems in Openshift HOT 3
- When unninstall HOT 3
- timescale for v3.10.0 update
- Installation CRD not getting status updated HOT 1
- document procedure to completely uninstall calico and operator from cluster HOT 1
- Feature request: ability to disable pod-security labels added by tigera/operator HOT 11
- Fargate anti-affinity doesn't get applied to DaemonSets HOT 1
- feature request: calico-apiserver PodDisruptionBudget HOT 2
- Operator deletes tigera-system namespace on ApiServer deployment HOT 7
- Incorrect PodCIDR in installations.operator.tigera.io ipPools prevented upgrade HOT 2
- AutoDiscoverProvider leads to wrong result
- Error running cluster on M1 / ARM Mac OS for local development HOT 13
- Calico Operator should support running different dataplanes on different nodes in the same Kubernetes cluster HOT 2
- v1.31.1 showing HIGH vulnerability CVE-2023-44487 HOT 1
- Tigera operator violates PodSecurity "baseline:latest" HOT 2
- Tigera Operator pod keeps restarting. HOT 1
- Pod fails to start when 'sysctl' tuning configured
- Typha autoscaler's autoscaling profile to be configurable
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from operator.