From a1196ebe95702e21dc41ebea4793388d000d8744 Mon Sep 17 00:00:00 2001 From: clux Date: Sat, 21 Oct 2023 09:14:41 +0100 Subject: [PATCH] don't advocate for what you don't know Signed-off-by: clux --- docs/controllers/manifests.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/controllers/manifests.md b/docs/controllers/manifests.md index 9d60e65..9b77ae3 100644 --- a/docs/controllers/manifests.md +++ b/docs/controllers/manifests.md @@ -124,7 +124,7 @@ See [controller-rs/networkpolicy](https://github.com/kube-rs/controller-rs/blob/ Some notes on the above: -- [apiserver egress is complicated](https://stackoverflow.com/questions/50102943/how-to-allow-access-to-kubernetes-api-using-egress-network-policy). A `namespaceSelector` on `default` sometimes work, but the safest is get the `endpoints`. See the [controller-rs/netpol pr](https://github.com/kube-rs/controller-rs/pull/62). Cilium's counterpart of `toEntities: [ kube-apiserver ]` is a lot friendlier. +- [apiserver egress is complicated](https://stackoverflow.com/questions/50102943/how-to-allow-access-to-kubernetes-api-using-egress-network-policy). A `namespaceSelector` on `default` sometimes work, but the safest is get the `endpoints`. See the [controller-rs/netpol pr](https://github.com/kube-rs/controller-rs/pull/62). Cilium's counterpart of `toEntities: [ kube-apiserver ]` looks friendlier. - DNS egress should work for both `coredns` and `kube-dns` (via `k8s-app: kube-dns`) - `prometheus` port and app labels might depend on deployment setup, drop lines from the strict default, or tune values as you see fit - `opentelemetry-collector` values are the regular defaults from the [collector helm chart](https://github.com/open-telemetry/opentelemetry-helm-charts/blob/1d31c4bf71445595a3a7f5f2edc0850a83422a90/charts/opentelemetry-collector/values.yaml#L238-L285) - change as you see fit
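Review bot: the reworded bullet in the `+` line of the `@@ -124,7 +124,7 @@` hunk still does not say whether the Cilium `toEntities: [ kube-apiserver ]` form was actually tried, so "looks friendlier" softens the claim without telling the reader how much weight to give it. Going by the commit subject, I would state that outright, for example "looks friendlier, but is untested here", so someone writing an apiserver egress policy knows that the `endpoints` approach from the linked controller-rs PR is the one this page vouches for. Since the line is being touched anyway, the grammar in the same bullet could be fixed in this commit: "sometimes work" should be "sometimes works", and "the safest is get the `endpoints`" should be "the safest is to get the `endpoints`".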