You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flink.apache.org by "Dylan Meissner (Jira)" <ji...@apache.org> on 2022/08/29 13:13:00 UTC

[jira] [Created] (FLINK-29131) Kubernetes operator webhook can use hostPort

Dylan Meissner created FLINK-29131:
--------------------------------------

             Summary: Kubernetes operator webhook can use hostPort
                 Key: FLINK-29131
                 URL: https://issues.apache.org/jira/browse/FLINK-29131
             Project: Flink
          Issue Type: Improvement
          Components: Kubernetes Operator
    Affects Versions: kubernetes-operator-1.1.0
            Reporter: Dylan Meissner


When running Flink operator on EKS cluster with Calico networking the control-plane (managed by AWS) cannot reach the webhook. Requests to create Flink resources fail with {_}Address is not allowed{_}.

To support this scenario with the Helm chart make changes so that we can
 * Specify a hostPort value for the webhook
 * Name the port that the webhook listens on
 * Use the named port in the webhook service
 * Add a "use" pod security policy verb to cluster role that allows hostPort



--
This message was sent by Atlassian Jira
(v8.20.10#820010)