-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CI: kubernetes-e2e-net-conformance (ipv4) - NetworkPolicyLegacy [LinuxOnly] NetworkPolicy between server and client #26492
Comments
Discussion on Slack https://cilium.slack.com/archives/C7PE7V806/p1687790469836489 |
this is something strange since the operation is happening in the socket namespace? @brb are network policies or something "influencing" somehow the network namespace of the containers? |
It should not. Why? |
the failures are calls inside the network namespace, that seems like an EPERM trying to "connect" , that is socket level, but I'm speculating here, other observation is that some pods fail the probes, that execed inside the network namespace to localhost, but I couldn't get any job failing with the debug logs enable to be able to check the agent logs, Joe retried some ones but they passed on the retry, it will be nice to get the logs of one of this failures with the agent in debug mode |
yeah, and same symptoms
pods can not dial and ...
Some pods never get ready because the probes fail, the probe is an exec, that means that is executed inside the pod network namespace
that execs a connection inside the network namespace against localhost and fails, so there is something blocking the connections inside the pod namespace, does cilium inject rules inside the cgroup or socket hooks? |
interestingly the other job for network policies have socketLB disable
|
The KIND job to run network policies e2e test is flaky and fail with errors related to problem in the Pod network namespace. To discard that this can be related to an interaction with the Services implementation, run this job disabling this feature. Ref: cilium#26492 Signed-off-by: Antonio Ojea <aojea@google.com>
This issue has been automatically marked as stale because it has not |
This issue has not seen any activity since it was marked stale. |
CI failure
main
branch)The text was updated successfully, but these errors were encountered: