Open surajssd opened 4 years ago
That profile is actually intended to be there - it's not a real profile (stored via a CRD) but rather a dummy value that Calico knows about internally which is used to enable "default allow until selected behavior"
It's not expected to be something that you need to edit, etc. and GlobalNetworkPolicies should still work as expected.
Is the issue that a profile exists? Or is there another symptom that you're experiencing?
Adjusting title to be a feature request: support for default deny on automatically created host endpoints (which is what I assume you're looking for based on the description)
Problem && Current Behavior
I have deployed kube controllers and it created following HostEndpoint automatically:
Now the problem is it has added this field called
profiles
with automatic value ofprojectcalico-default-allow
. Now using Calico on Kubernetes, which is deployed in standard way does not haveProfiles
CRD.Possible Solution
Profile docs here https://docs.projectcalico.org/reference/resources/profile say following:
Like the docs say we make heavy use of GlobalNetworkPolicy. Add a knob to disable adding any profiles information. An env var or something in
KubeControllersConfiguration
.Let me know what am I doing wrong?
Context
I cannot make use of calico version v3.14.0 with kube controller.
Your Environment