Closed. vknabel closed this 7 months ago.
This CWNP must also be adopted:
```shell
k --context inttest0 -n firewall get cwnp allow-to-vpn -o yaml
```

```yaml
apiVersion: metal-stack.io/v1
kind: ClusterwideNetworkPolicy
metadata:
  annotations:
    resources.gardener.cloud/description: |-
      DO NOT EDIT - This resource is managed by gardener-resource-manager.
      Any modifications are discarded and the resource is returned to the original state.
    resources.gardener.cloud/origin: shoot--test--fra-equ01-8fef639c-bbe4-4c6f-9656-617dc4a4efd8-gardener-soil-test:shoot--pbs4kr--inttest0/extension-controlplane-shoot
  creationTimestamp: "2023-12-07T10:44:09Z"
  generation: 1
  labels:
    resources.gardener.cloud/managed-by: gardener
    shoot.gardener.cloud/no-cleanup: "true"
  name: allow-to-vpn
  namespace: firewall
  resourceVersion: "1430"
  uid: a7c1ceac-12b5-4538-9d82-3b122ef3dfc7
spec:
  egress:
  - ports:
    - port: 4314
      protocol: UDP
    - port: 4314
      protocol: TCP
    to:
    - cidr: 0.0.0.0/0
status: {}
```
Implements #356 and https://github.com/metal-stack/gardener-extension-provider-metal/issues/357
Todos:

- ~~Restart `systemd-timesyncd`~~ Will not be changed
  - probably by adding a hash to the timesyncd unit
- ~~`systemd-resolved` (for ubuntu)~~ not required because dnsserver is immutable
- `/etc/resolv.conf` (`nameserver $ip`) (for debian)
- `/etc/systemd/resolved.conf.d/dns.conf` not written? Race condition or conflict?
- `docker pull` error.
- Write configuration also into `shoot.spec.worker[n].image.providerconfig`, but then the worker rolls? The `ImageProviderConfig` is only mutated into the OSC on the fly, we do not write the config into the worker `userdata` passed to the machine creation. Is done in os-metal-extension
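As an added worked example (my code, not part of this PR or of the metal-stack code base): the `allow-to-vpn` policy above opens UDP and TCP 4314 to `0.0.0.0/0`, i.e. to every destination the firewall can reach. The small lint below takes the policy, transcribed into a Python dict, reports every egress rule whose destination is a `/0` prefix, and produces a hardened copy that pins such rules to an explicit CIDR list. The CIDR `203.0.113.10/32` is a placeholder for a concrete VPN endpoint and is an assumption; whether the endpoint is stable enough to pin is a question for the operator, not something this policy states.

```python
import copy
import ipaddress
from typing import Any, Dict, List, Optional, Tuple

# The allow-to-vpn policy from this PR, transcribed into a dict.
# Constructed input for this example; the gardener metadata is trimmed because
# only spec.egress matters for the lint.
ALLOW_TO_VPN: Dict[str, Any] = {
    "apiVersion": "metal-stack.io/v1",
    "kind": "ClusterwideNetworkPolicy",
    "metadata": {"name": "allow-to-vpn", "namespace": "firewall"},
    "spec": {
        "egress": [
            {
                "ports": [
                    {"port": 4314, "protocol": "UDP"},
                    {"port": 4314, "protocol": "TCP"},
                ],
                "to": [{"cidr": "0.0.0.0/0"}],
            }
        ]
    },
}


def _matches_everything(cidr: str) -> bool:
    """True for 0.0.0.0/0, ::/0 or any other /0 prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _rule_cidrs(rule: Dict[str, Any]) -> List[str]:
    """Destination CIDRs of one egress rule (entries without 'cidr' are ignored)."""
    return [t["cidr"] for t in rule.get("to", []) if "cidr" in t]


def world_open_egress(policy: Dict[str, Any]) -> List[Tuple[str, Optional[int]]]:
    """Return (protocol, port) pairs that the policy allows to any destination.

    A rule whose 'to' contains a /0 prefix is world-open. If such a rule lists
    no ports at all it is reported once as ("ANY", None); the assumption that
    a missing port list means "all ports" is mine, made for this lint.
    """
    found: List[Tuple[str, Optional[int]]] = []
    for rule in policy.get("spec", {}).get("egress", []):
        if not any(_matches_everything(c) for c in _rule_cidrs(rule)):
            continue
        ports = rule.get("ports") or []
        if not ports:
            found.append(("ANY", None))
            continue
        for p in ports:
            found.append((str(p["protocol"]).upper(), int(p["port"])))
    return found


def restrict_egress(policy: Dict[str, Any], allowed_cidrs: List[str]) -> Dict[str, Any]:
    """Return a deep copy in which every world-open egress rule is pinned to allowed_cidrs.

    Refuses a /0 replacement, which would leave the rule just as open as before.
    The input policy is not modified.
    """
    for c in allowed_cidrs:
        if _matches_everything(c):
            raise ValueError(f"{c} would keep the rule world-open")
    hardened = copy.deepcopy(policy)
    for rule in hardened.get("spec", {}).get("egress", []):
        if any(_matches_everything(c) for c in _rule_cidrs(rule)):
            rule["to"] = [{"cidr": c} for c in allowed_cidrs]
    return hardened


if __name__ == "__main__":
    # Usage: lint the PR's policy, then pin it to a placeholder VPN endpoint
    # (203.0.113.10/32 is an assumed example address, not a real endpoint).
    for proto, port in world_open_egress(ALLOW_TO_VPN):
        print(f"world-open egress: {proto}/{port}")
    pinned = restrict_egress(ALLOW_TO_VPN, ["203.0.113.10/32"])
    print("after pinning:", world_open_egress(pinned))
```

Run against the PR's policy the lint reports `UDP/4314` and `TCP/4314` as world-open; after `restrict_egress` the same check returns nothing. The lint deliberately does not treat an egress rule without a `to` section as world-open, because the page does not say how a CWNP interprets that case.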