revert: add global metadata restriction policy (!242) · Merge requests · kubernetes / automation / releases / cern-magnum

Jack Charlie Munday requested to merge revert/calico-gnp into master Oct 01, 2024

This PR reverts !77 (merged), which adds a calico GPN to restrict access to the metadata server. Unfortunately this appears to interfere with user defined networking.k8s.io/v1 NetworkPolicies, as the calico policy takes priority over the k8s one. I've marked as p::1 as if you have a default deny all policy this will no longer work for example.

I raised this upstream (https://github.com/projectcalico/calico/issues/9292) to confirm whether it is an error on my part and this will appear to be addressed in a future release so maybe we revisit when we upgrade to calico v1.29.

Closes: #112 (closed)

Edited Oct 01, 2024 by Jack Charlie Munday

revert: add global metadata restriction policy

Merge request reports