R. P. Taylor
R. P. Taylor
I also found cases of nodes that were broken due to the wrong permission of the calico-ipam binary, separately from the permission of the calico binary. The error is the...
I thought this might have been caused by https://github.com/kubernetes-sigs/kubespray/pull/10407, but actually we experienced this problem in Kubespray v2.22.2 which does not have that.
I agree a Daemonset with hostPath to install binaries is a bit odd. The Calico recommended way is to use the operator: https://docs.tigera.io/calico/latest/getting-started/kubernetes/self-managed-onprem/onpremises Actually the alternative method in Calico documentation...
/remove-lifecycle stale
/remove-lifecycle stale
/remove-lifecycle stale
However, it's worth noting that declaring a hostPort, while arguably a good practice to avoid port conflicts, would also constitute an additional security elevation as far as tools like Kyverno...
Still waiting to hear from somebody .....
Still waiting to hear from somebody .....
This was fixed by https://github.com/cilium/cilium/pull/38564