In general we shouldn't need to have 169.254.169.254 available.
Need to verify if it's needed for aadpodidentity or not but I think this should be managed by CSI driver.
If this is fine it would also be interesting to enforce this disable through OPA as well.
Might a application need his feature to be able to get secrets without using things like aadpodidentity.
In general we shouldn't need to have 169.254.169.254 available.
Need to verify if it's needed for aadpodidentity or not but I think this should be managed by CSI driver.
If this is fine it would also be interesting to enforce this disable through OPA as well.
Might a application need his feature to be able to get secrets without using things like aadpodidentity.