Sebastian Stauch
FYI, we run cilium shoots without `kube-proxy` and we also wanted to remove `kube-proxy` from calico shoots at a later point in time.
What was the reason to not move it to CCM? It would be a value proposition to a lot of people.
In my opinion this also belongs in the bailiwick of the aws cloud-controller-manager. Other cloud-controller-managers like [gcp](https://github.com/kubernetes/cloud-provider-gcp/blob/master/cmd/cloud-controller-manager/nodeipamcontroller.go) have the same understanding.
Dual-stack support is now tracked in https://github.com/gardener/gardener/issues/8899.
I'm running into the same issue when trying to pass the conformance tests with "kubeProxyReplacement: strict". Is somebody working on this issue?
> At least the `Unprivileged Shoot` test there seems to be a problem with `coredns`: > > ``` > {"level":"info","ts":"2023-12-13T08:03:10.667Z","logger":"shoot-test.test","msg":"Shoot not yet created","shoot":{"name":"e2e-unpriv","namespace":"garden-local"},"reason":"condition type SystemComponentsHealthy is not true yet, had...
> > The tests are currently pinned to k8s version 1.24.8, see https://github.com/gardener/gardener/blob/master/test/e2e/gardener/shoot/create_and_delete_unprivileged.go#L39. The documentation (https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted) states that the `NET_BIND_SERVICE` capability is only allowed with the restricted policy in kubernetes...
I've rebased the PR.
Can we get this change in?