You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I came to realize that some connectivity tests were consistently failing due to a policy misbehaving. I tested the same policy inside a Cilium lab and it seems that it misbehaves also there. I checked the policy out with the Visualizer and the whole field egressDeny doesn't get loaded.
Bug report
General Information
Cilium CLI version (run cilium version)
cilium version
cilium-cli: enterprise/cilium-cli/v0.15.8-cee.1 compiled with go1.21.0 on linux/amd64
cilium image (default): v1.14.1
cilium image (stable): v1.15.1
cilium image (running): 1.14.1
Orchestration system version in use (e.g. kubectl version, ...)
kubectl version
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.3", GitCommit:"25b4e43193bcda6c7328a6d147b1fb73a33f1598", GitTreeState:"clean", BuildDate:"2023-06-14T09:53:42Z", GoVersion:"go1.20.5", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v5.0.1
Server Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.3", GitCommit:"25b4e43193bcda6c7328a6d147b1fb73a33f1598", GitTreeState:"clean", BuildDate:"2023-06-15T00:36:28Z", GoVersion:"go1.20.5", Compiler:"gc", Platform:"linux/amd64"}
I came to realize that some connectivity tests were consistently failing due to a policy misbehaving. I tested the same policy inside a Cilium lab and it seems that it misbehaves also there. I checked the policy out with the Visualizer and the whole field
egressDeny
doesn't get loaded.Bug report
General Information
cilium version
)kubectl version
, ...)The "cilium-getting-started" lab would suffice to see the problem
https://github.com/cilium/cilium-cli/blob/70bd400f14714dadbbc2d57dba3030ab090e349b/connectivity/builder/manifests/client-egress-to-cidr-external-deny.yaml
How to reproduce the issue
kubectl create ns test; kubectl run pod-to-cidr-deny -n test --image=alpine -l="kind=client" -- /bin/sh -c "apk --update add curl; while true; do sleep 1; curl -m 3 -I https://1.1.1.1; done"
kubectl run pod-to-cidr-deny -n test --image=alpine -l="kind=client" -- /bin/sh -c "apk --update add curl; while true; do sleep 1; curl -m 3 -I https://1.1.1.1; done"
egressDeny
field is droppedkubectl explain cnp.spec
The text was updated successfully, but these errors were encountered: