Background
It's very easy to overlap with other IP ranges defined in the routing table that should not be touched, such as CNI routes (DOKS uses Cilium). Another case to avoid is egressing the public CIDRs used by DigitalOcean services (i.e. DOKS), which leads to instability.
Proposal
The controller should be aware of the protected subnets/IPs via a ConfigMap, which can be updated afterwards based on requirements. The controller logic should re-read the config whenever it changes.
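A sketch of the check this proposal implies, added here as an example and not taken from the controller's code: parse the protected list from the ConfigMap value, then refuse any route destination that overlaps an entry. The one-entry-per-line format, the function names and the sample CIDRs are all assumptions.

```python
import ipaddress

# Constructed sample of the ConfigMap's data value (format is an assumption):
# one CIDR or bare IP per line, '#' starts a comment.
SAMPLE_CONFIG = """\
# pod network (constructed value)
10.244.0.0/16
# service network (constructed value)
10.245.0.0/16
# documentation range standing in for a provider public CIDR
203.0.113.0/24
2001:db8::/32
"""


def parse_protected(text):
    """Parse the protected list; raise ValueError on any bad entry (fail closed)."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {entry!r} is not a CIDR or IP") from exc
    return nets


def conflicts(destination, protected):
    """Return the protected networks that a route destination overlaps."""
    dest = ipaddress.ip_network(destination, strict=False)
    # Only compare networks of the same IP version. overlaps() is symmetric,
    # so it catches subnets, supernets (e.g. 0.0.0.0/0) and exact matches.
    return [p for p in protected if p.version == dest.version and p.overlaps(dest)]


def admit_route(destination, protected):
    """True when the static route may be installed."""
    return not conflicts(destination, protected)
```

Rejecting the whole config on a single malformed entry keeps a typo from silently dropping a protected range; on a failed reload the controller would keep the last valid list.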