Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix network policy in local setup in conjunction with HA VPN. (garden…
…er#8370) Previously, the network policy specifying the allowed traffic to the machine pods in the local setup only listed other machine pods and `vpn-seed-server` as allowed ingress sources. However, in the HA VPN case `kube-apiserver` connects to machines as well. The connection to kubelet was allowed, but everything else was blocked by policy. This meant that `kubectl proxy` would not allow proxying traffic to pods in the host network due to network policy. This change adapts the network policy to work in both VPN cases and use the more general `to-shoot-networks` labels, which were already used correctly.
- Loading branch information