-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix AWS CCM defaults for IPAM to match KCM #15670
Conversation
KCM also has code for defaulting NodeCIDRMaskSize when ClusterCIDR is IPv6, but we never set ClusterCIDR for IPv6. I don't think we need to copy that. |
/cc @olemarkus |
/cc @justinsb |
Thanks @johngmyers - I also reviewed other uses of the CIDR and think they are correct.
It's slightly more secure, in that it allows each controller to have its own serviceaccount, though the process can still assume any of the serviceaccounts IIUC. It feels much more important for KCM, that has a lot of controllers, than it is for a CCM (which has fewer). /approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: justinsb The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
…5670-upstream-release-1.27 Automated cherry pick of #15670: Fix AWS CCM defaults for IPAM to match KCM
When reviewing #15623 we noticed that AWS CCM was incorrectly defaulting ClusterCIDR to NonMasqueradeCIDR. Updating the CCM code to match that for KCM.
GCP networking doesn't work on AWS, so removing that code.
I'm not sure whether we should default UseServiceAccountCredentials to true like KCM does.
/cc @hakman