From 87eb253a511f68513777b0658fdb7fca0ba49d52 Mon Sep 17 00:00:00 2001 From: Kiran Chavala Date: Thu, 28 Aug 2025 16:46:33 +0530 Subject: [PATCH 1/7] added steps to fix meta-data-access and compatablity --- .../plugins/cloudstack-kubernetes-service.rst | 56 +++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/source/plugins/cloudstack-kubernetes-service.rst b/source/plugins/cloudstack-kubernetes-service.rst index b8b156a6de..fae5a63854 100644 --- a/source/plugins/cloudstack-kubernetes-service.rst +++ b/source/plugins/cloudstack-kubernetes-service.rst @@ -385,6 +385,55 @@ The service provides functionality to access kubeconfig file for a running Kuber getKubernetesClusterConfig API can be used to retrieve kubeconfig file data for a cluster. It takes id of the cluster as the input parameter. +Note: The meta-data and user-data of the underlying host can be accessed by the container running on the cks cluster. If you want prevent the access follow the below steps + +.. parsed-literal:: + + - The meta-data and user-data of the underlying worker-nodes can be accessed by the containers running on the CKS cluster + + For example deploy a container on a cks cluster + + kubectl exec -it -- /bin/sh + + curl http://data-server/latest/meta-data/ + service-offering + availability-zone + local-ipv4 + local-hostname + public-ipv4 + public-hostname + instance-id + vm-id + public-keys + cloud-identifier + hypervisor-host-name + + curl http://data-server/latest/user-data/ + + + - If you want to prevent the access of meta-data and user-data from the containers running on cks-cluster, Execute the following yaml + + kubectl apply -f deny-meta-data.yaml + + apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: deny-metadata-access + spec: + podSelector: {} + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 169.254.188.68/32 + ports: + - protocol: TCP + port: 80 + + + + Kubernetes cluster web dashboard ################################# 
@@ -429,6 +478,13 @@ Kubernetes compatibility Matrix +--------------+---------------------------------+-----------------------------+-------------+ | 4.16.1 | v1.20 onward | SystemVM Template (Debian) | cloud | +--------------+---------------------------------+-----------------------------+-------------+ +| 4.19.1 | v1.30 onward | SystemVM Template (Debian) | cloud | ++--------------+---------------------------------+-----------------------------+-------------+ +| 4.20.1 | v1.30 onward | SystemVM Template (Debian) | cloud | ++--------------+---------------------------------+-----------------------------+-------------+ +| 4.21.0 | v1.33 onward | SystemVM Template (Debian) | cloud | ++--------------+---------------------------------+-----------------------------+-------------+ + Adding/Removing Instances for an ExternalManaged Kubernetes Cluster ################################################################### From 92195f7b415710abcf6027bbb099b75dbcfda947 Mon Sep 17 00:00:00 2001 From: kiranchavala Date: Thu, 28 Aug 2025 17:36:15 +0530 Subject: [PATCH 2/7] Update source/plugins/cloudstack-kubernetes-service.rst Co-authored-by: Suresh Kumar Anaparti --- source/plugins/cloudstack-kubernetes-service.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/plugins/cloudstack-kubernetes-service.rst b/source/plugins/cloudstack-kubernetes-service.rst index fae5a63854..396e1d81ea 100644 --- a/source/plugins/cloudstack-kubernetes-service.rst +++ b/source/plugins/cloudstack-kubernetes-service.rst 
@@ -385,7 +385,7 @@ The service provides functionality to access kubeconfig file for a running Kuber getKubernetesClusterConfig API can be used to retrieve kubeconfig file data for a cluster. It takes id of the cluster as the input parameter. -Note: The meta-data and user-data of the underlying host can be accessed by the container running on the cks cluster. If you want prevent the access follow the below steps +Note: The User Data and Metadata of the underlying host can be accessed by the container running on the CKS cluster. If you want prevent the access follow the below steps .. parsed-literal:: From 592df9beb50f49d5664d3fccd31ca55e67cefcad Mon Sep 17 00:00:00 2001 From: kiranchavala Date: Thu, 28 Aug 2025 17:36:24 +0530 Subject: [PATCH 3/7] Update source/plugins/cloudstack-kubernetes-service.rst Co-authored-by: Suresh Kumar Anaparti --- source/plugins/cloudstack-kubernetes-service.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/plugins/cloudstack-kubernetes-service.rst b/source/plugins/cloudstack-kubernetes-service.rst index 396e1d81ea..6677f3c95f 100644 --- a/source/plugins/cloudstack-kubernetes-service.rst +++ b/source/plugins/cloudstack-kubernetes-service.rst @@ -389,7 +389,7 @@ Note: The User Data and Metadata of the underlying host can be accessed by the c .. parsed-literal:: - - The meta-data and user-data of the underlying worker-nodes can be accessed by the containers running on the CKS cluster + - The User Data and Metadata of the underlying worker-nodes can be accessed by the containers running on the CKS cluster For example deploy a container on a cks cluster From 1c3e343fce2dc0644d951bced9ed5ab705a5216a Mon Sep 17 00:00:00 2001 From: kiranchavala Date: Thu, 28 Aug 2025 17:36:35 +0530 Subject: [PATCH 4/7] Update source/plugins/cloudstack-kubernetes-service.rst Co-authored-by: Suresh Kumar Anaparti --- source/plugins/cloudstack-kubernetes-service.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/source/plugins/cloudstack-kubernetes-service.rst b/source/plugins/cloudstack-kubernetes-service.rst index 6677f3c95f..817d62fd48 100644 --- a/source/plugins/cloudstack-kubernetes-service.rst +++ b/source/plugins/cloudstack-kubernetes-service.rst @@ -391,7 +391,7 @@ Note: The User Data and Metadata of the underlying host can be accessed by the c - The User Data and Metadata of the underlying worker-nodes can be accessed by the containers running on the CKS cluster - For example deploy a container on a cks cluster + For example: Deploy a container on a CKS cluster kubectl exec -it -- /bin/sh From 778b000d390a1a997b11cc0f2fa1ddee7c16cc19 Mon Sep 17 00:00:00 2001 From: kiranchavala Date: Thu, 28 Aug 2025 17:36:48 +0530 Subject: [PATCH 5/7] Update source/plugins/cloudstack-kubernetes-service.rst Co-authored-by: Suresh Kumar Anaparti --- source/plugins/cloudstack-kubernetes-service.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/plugins/cloudstack-kubernetes-service.rst b/source/plugins/cloudstack-kubernetes-service.rst index 817d62fd48..3b8fc03665 100644 --- a/source/plugins/cloudstack-kubernetes-service.rst +++ b/source/plugins/cloudstack-kubernetes-service.rst @@ -411,7 +411,7 @@ Note: The User Data and Metadata of the underlying host can be accessed by the c curl http://data-server/latest/user-data/ - - If you want to prevent the access of meta-data and user-data from the containers running on cks-cluster, Execute the following yaml + - If you want to prevent the access of User Data and Metadata from the containers running on CKS cluster, Execute the following yaml kubectl apply -f deny-meta-data.yaml From 80339c5a52db95e282f1d0d155b83adb77fb9038 Mon Sep 17 00:00:00 2001 
From: kiranchavala Date: Thu, 28 Aug 2025 17:37:03 +0530 Subject: [PATCH 6/7] Update source/plugins/cloudstack-kubernetes-service.rst Co-authored-by: Suresh Kumar Anaparti --- source/plugins/cloudstack-kubernetes-service.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/source/plugins/cloudstack-kubernetes-service.rst b/source/plugins/cloudstack-kubernetes-service.rst index 3b8fc03665..96b4e3c106 100644 --- a/source/plugins/cloudstack-kubernetes-service.rst +++ b/source/plugins/cloudstack-kubernetes-service.rst @@ -433,7 +433,6 @@ Note: The User Data and Metadata of the underlying host can be accessed by the c - Kubernetes cluster web dashboard ################################# From 1ed1274ac9cbb20cacf173c0d926bd02c52303c0 Mon Sep 17 00:00:00 2001 From: kiranchavala Date: Thu, 28 Aug 2025 17:37:09 +0530 Subject: [PATCH 7/7] Update source/plugins/cloudstack-kubernetes-service.rst Co-authored-by: Suresh Kumar Anaparti --- source/plugins/cloudstack-kubernetes-service.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/source/plugins/cloudstack-kubernetes-service.rst b/source/plugins/cloudstack-kubernetes-service.rst index 96b4e3c106..6ad0f3e059 100644 --- a/source/plugins/cloudstack-kubernetes-service.rst +++ b/source/plugins/cloudstack-kubernetes-service.rst @@ -432,7 +432,6 @@ Note: The User Data and Metadata of the underlying host can be accessed by the c port: 80 - Kubernetes cluster web dashboard #################################
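
Review bot: the `deny-metadata-access` manifest in the first hunk of PATCH 1/7 does the opposite of what the surrounding text promises, because a NetworkPolicy `egress` rule is an allow-list: with `podSelector: {}`, `policyTypes: - Egress` and a single rule whose `to` is `cidr: 169.254.188.68/32` on TCP 80, every pod in the namespace is permitted to reach only that address and loses all other egress, DNS included. To block the data server and leave other traffic alone, the rule should allow `cidr: 0.0.0.0/0` with `except: - 169.254.188.68/32` and drop the `ports` restriction. The manifest also has no `metadata.namespace`, so it covers only the namespace it is applied in, and the address is hard-coded while the example above it reaches the service as `data-server`; the text should say how to find the address for a given cluster, that the policy has to be applied in each namespace, and that it only takes effect when the cluster's network plugin enforces NetworkPolicy.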
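
Review bot: in the compatibility matrix hunk of PATCH 1/7 the new rows are added directly after the `4.16.1` row, so the table jumps from 4.16.1 to 4.19.1 and a reader on a release in between has no row to consult; either add the intermediate releases or state that a row applies until the next one listed. The `4.16.1` row still reads `v1.20 onward` with no upper bound, which needs reconciling with the new `v1.30 onward` and `v1.33 onward` rows, and the hunk adds an extra blank `+` line after the table of the kind that PATCH 6/7 and 7/7 remove elsewhere.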
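
Review bot: the replacement Note line in PATCH 2/7 still reads "If you want prevent the access follow the below steps", which is missing "to" and its closing punctuation, and it says "underlying host" where the bullet updated in PATCH 3/7 says "underlying worker-nodes". Pick one term: the metadata listing includes `hypervisor-host-name`, so "host" can be read as the hypervisor rather than the worker node instance. Suggested wording for the second sentence: "To prevent this access, follow the steps below."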
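
Review bot: the step reworded in PATCH 4/7 says "Deploy a container on a CKS cluster", but the command that follows in the context, `kubectl exec -it -- /bin/sh`, names no pod and deploys nothing, so it cannot be run as shown. Either add the deployment command and a pod-name placeholder to the `kubectl exec` line, or reword the step to "open a shell in a running pod" and show the placeholder.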
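
Review bot: the bullet changed in PATCH 5/7 tells the reader to "Execute the following yaml" and then shows `kubectl apply -f deny-meta-data.yaml` ahead of the manifest, without saying that the manifest has to be saved under that file name first. Suggest "save the following manifest as deny-meta-data.yaml and apply it", with the manifest shown before the command, and a lower-case "execute" if the verb is kept.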