Cilium silently accepts k8s networkpolicy with endPort without implementing it #28684
Closed
2 tasks done
Labels
kind/bug
This is a bug in the Cilium logic.
kind/community-report
This was reported by a user in the Cilium community, eg via Slack.
sig/agent
Cilium agent related.
sig/policy
Impacts whether traffic is allowed or denied based on user-defined policies.
Is there an existing issue for this?
What happened?
If you configure a k8s networkpolicy with
endPort
statements, Cilium silently accepts it and ignores theendPort
.Cilium Version
1.15-dev
, but I'm sure it applies to all versionsKernel Version
N/A
Kubernetes Version
N/A
Sysdump
No response
Relevant log output
Anything else?
Network policy:
Steps to reproduce:
kubectl create -f https://raw.githubusercontent.com/cilium/cilium/1.14.3/examples/minikube/http-sw-app.yaml
kubectl create -f policy.yaml
kubectl exec xwing -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing
Observe that the connections fail. Hubble also reports:
Related: #16622
Code of Conduct
The text was updated successfully, but these errors were encountered: