compliantkubernetes-apps

Customise Safespring config to support MetalLB setups by default

Open aarnq opened this issue 1 year ago • 1 comments

Proposed feature

Currently the best solution to load balance traffic on Safespring is with their Elastic IP feature, which is easily done with MetalLB and Calico.

We should make the switch so that this is the configuration used by default to remove a default reliance on host network or host ports.

Proposed alternatives

No response

Additional context

Requires https://github.com/elastisys/compliantkubernetes-apps/issues/1972 and maybe https://github.com/elastisys/compliantkubernetes-apps/issues/1973 depending on how it turns out.

Definition of done

  • [ ] Safespring configuration updated to support MetalLB setups by default.

aarnq, Jan 24 '24 10:01

As part of this, also make sure that the "allow-user-crds" feature does not interfere with the metallb operator.

Two possible options:

  • Add the metallb service accounts as an allowed service account, similar to gatekeeper and velero.
  • Make a more generic modification where all service accounts from namespaces with the label "owner=operator" are allowed.

There might be other good options as well.

viktor-f, Feb 05 '24 12:02