Cilium 1.14.0 CIDR based rules ignored #4749

Closed
corym-vermeer opened this issue Sep 12, 2023 · 1 comment

corym-vermeer commented Sep 12, 2023

Cilium 1.14.0 isn't usable with CIDR based network policies. Upstream project has addressed these and released 1.14.1
Cilium Issue #27210

Environmental Info:
RKE2 Versions:
v1.25.13+rke2r1
v1.24.17+rke2r1

Node(s) CPU architecture, OS, and Version:
5.14.0-284.18.1.el9_2.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 29 17:06:27 EDT 2023 x86_64 x86_64 x86_64 GNU/Linux

Cluster Configuration:
2 separate clusters: 1 node in the v1.25 "Cluster"; the second cluster is configured with 5 nodes, 3 of which are control plane.

Describe the bug:
CiliumNetworkPolicies containing either fromCIDR or toCIDR are not being read.

Steps To Reproduce:
Define a CiliumNetworkPolicy containing an example such as this:

    - fromCIDR:
        - 10.0.0.0/8
        - 192.168.0.0/16
        - 2a0e:97c0:250::/44
        - 2a02:2c8:f000::/48
        - fd00::/8
      toPorts:
        - ports:
          - port: "8443"
            protocol: TCP
          - port: "8000"
            protocol: TCP
  • Installed RKE2:

Expected behavior:

Actual behavior:
See the following issue: Cilium Issue #27210

Additional context / logs:
Testing of Cilium 1.14.1 was done by overriding the rke2-cilium image tag with the following example:

~~~yaml
rkeConfig:
    additionalManifest: |
      ---
      apiVersion: helm.cattle.io/v1
      kind: HelmChartConfig
      metadata:
        name: rke2-cilium
        namespace: kube-system
      spec:
        valuesContent: |-
          image:
            tag: "v1.14.1"
          dnsProxy:
            dnsRejectResponseCode: nameError
          kubeProxyReplacement: strict
          k8sServiceHost: 127.0.0.1
          k8sServicePort: 6443
          operator:
            replicas: 1
            image:
              tag: "v1.14.1"
~~~
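
An added example, not part of the original issue or of the RKE2 or Cilium projects: a small audit that lists which CiliumNetworkPolicies rely on `fromCIDR` / `toCIDR`, so an operator on 1.14.0 knows which rules are being ignored. The function names are hypothetical, the JSON is a constructed sample shaped like `kubectl get ciliumnetworkpolicies -A -o json` output, and the image tag is assumed to be supplied by the operator.

```python
import json

# Per this issue: Cilium 1.14.0 ignores CIDR rules; 1.14.1 carries the upstream fix.
AFFECTED_VERSIONS = {"1.14.0"}
CIDR_KEYS = ("fromCIDR", "toCIDR")

# Constructed sample, shaped like `kubectl get ciliumnetworkpolicies -A -o json`.
SAMPLE_CNP_LIST = json.dumps({"items": [
    {"metadata": {"namespace": "apps", "name": "allow-internal"},
     "spec": {"endpointSelector": {}, "ingress": [
         {"fromCIDR": ["10.0.0.0/8", "fd00::/8"]}]}},
    {"metadata": {"namespace": "apps", "name": "same-namespace-only"},
     "spec": {"endpointSelector": {}, "ingress": [{"fromEndpoints": [{}]}]}},
    {"metadata": {"namespace": "batch", "name": "egress-to-lan"},
     "specs": [{"endpointSelector": {}, "egress": [{"toCIDR": ["192.168.0.0/16"]}]}]},
]})


def cidrs_in(node):
    """Recursively collect (key, cidr) pairs from fromCIDR/toCIDR lists."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key in CIDR_KEYS and isinstance(value, list):
                found += [(key, cidr) for cidr in value]
            else:
                found += cidrs_in(value)
    elif isinstance(node, list):
        for item in node:
            found += cidrs_in(item)
    return found


def audit(cnp_list_json, cilium_image_tag):
    """Return (affected, {"namespace/name": [(key, cidr), ...]})."""
    affected = cilium_image_tag.lstrip("v") in AFFECTED_VERSIONS
    report = {}
    for item in json.loads(cnp_list_json).get("items", []):
        # A policy carries either a single `spec` or a list of `specs`.
        rules = cidrs_in({k: item.get(k) for k in ("spec", "specs")})
        if rules:
            meta = item["metadata"]
            report[f'{meta.get("namespace", "default")}/{meta["name"]}'] = rules
    return affected, report


if __name__ == "__main__":
    affected, report = audit(SAMPLE_CNP_LIST, "v1.14.0")
    for policy, rules in report.items():
        state = "CIDR rules ignored on this version" if affected else "ok"
        print(f"{policy}: {len(rules)} CIDR entries [{state}]")
```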

github-actions bot commented Feb 8, 2024

This repository uses a bot to automatically label issues which have not had any activity (commit/comment/label) for 45 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the bot can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the bot will automatically close the issue in 14 days. Thank you for your contributions.

github-actions bot closed this as not planned (won't fix, can't repro, duplicate, stale) on Mar 1, 2024