How could I enable ENI mode for AWS? #3714
-
Based on my preliminary research, to use AWS ALB with The option looks to be:
What would be the best way to go about this? Get the values from helm, modify this value and then upgrade cilium? As an aside, if I am off-base, please point me in a direction to get this working. The error message I am getting is:
Replies: 2 comments
-
Hi @jeffreyflynt,
direct routing to pods is, in general, a security problem and therefore disabled. I described the problem in more detail in GHSA-g8fc-vrcg-8vjg.
Regarding the Helm configuration: we deliberately only allow modifications that we have tested and are confident in. These are exposed as configuration parameters. The idea to allow Helm value overrides came up, but we did not decide on a path forward yet that strikes a balance between customizability and security.
If you really need to adjust something, the right workflow would be
helm get values
)
This would not survive an upgrade, though, and risks accidentally circumventing security controls.
Hope this helps - thanks for asking the question!
Cheers, Markus
-
Thank you for the detailed explanation. I ended up using NGINX behind the network load-balancer in place of ALB.