You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The allow portion of this takes effect but it also does not block the items in the except list.
This was working as desired under Calico. This seems like the only rule we have with the behavior difference between calico and vpc-cni-k8s and as such unable to proceed with the migration.
Attach logs
^^ this appears to not exist in the official containers.
What you expected to happen:
The "except" range to be blocked.
How to reproduce it (as minimally and precisely as possible):
Apply the network policy
Anything else we need to know?:
Environment:
EKS
Client Version: v1.28.0
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.27.4-eks-2d98532
Bottlerocket OS 1.15.0 (aws-k8s-1.27) 5.15.128
The text was updated successfully, but these errors were encountered:
What happened:
We have a network policy to disallow access to the cluster (IP ranges changed) but allow to the internet. Effectively an untrusted workload.
The allow portion of this takes effect but it also does not block the items in the except list.
This was working as desired under Calico. This seems like the only rule we have with the behavior difference between calico and
vpc-cni-k8s
and as such unable to proceed with the migration.Attach logs
^^ this appears to not exist in the official containers.
What you expected to happen:
The "except" range to be blocked.
How to reproduce it (as minimally and precisely as possible):
Apply the network policy
Anything else we need to know?:
Environment:
EKS
Client Version: v1.28.0
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.27.4-eks-2d98532
Bottlerocket OS 1.15.0 (aws-k8s-1.27) 5.15.128
The text was updated successfully, but these errors were encountered: