You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We need a doc update to note a potential security concern where control plane nodes may be added to a loadbalancer pool. See below for full context. We should call out the juju config k-c-p labels suggestion as a mitigation for this concern. Perhaps in our LB overview page or specifically near the other security concern for o7k octavia LBs here(ish):
I have 3x control nodes and 3x worker nodes. When an LB is created, the openstack loadbalancer pool gets 6x members registered. I can confirm control nodes also get registered...My recommendation is to enable:
The control plane charm has a space-separated labels config that may serve your needs without changing the default behavior. You could add the exclusion label like this:
We need a doc update to note a potential security concern where control plane nodes may be added to a loadbalancer pool. See below for full context. We should call out the
juju config k-c-p labelssuggestion as a mitigation for this concern. Perhaps in our LB overview page or specifically near the other security concern for o7k octavia LBs here(ish):https://ubuntu.com/kubernetes/docs/openstack-integration#using-octavia-load-balancers
Field reports:
https://kubernetes.io/docs/reference/labels-annotations-taints/#node-kubernetes-io-exclude-from-external-load-balancers
Reponse:
The text was updated successfully, but these errors were encountered: