When I try to apply a NetworkPolicy object that makes use of named ports defined in a deployment/daemonset/statefulset spec, I get the following errors, which are followed by crashes of the kube-router pods:
kube-router-d6lrq kube-router E0313 12:57:49.202191 1 network_policy_controller.go:146] Error syncing on pod update: Aborting sync. Failed to sync network policy chains: Failed to run iptables command: running [/sbin/iptables -t filter -C KUBE-NWPLCY-TQVID2JAR264CEKX -m comment --comment rule to ACCEPT traffic from source pods to dest pods selected by policy name monitoring-grafana namespace kube-system -m set --set KUBE-SRC-CEDAYVZJP7X7CLEI src -m set --set KUBE-DST-TQVID2JAR264CEKX dst -p TCP --dport api -j ACCEPT --wait]: exit status 2: --set option deprecated, please use --match-set
kube-router-d6lrq kube-router --set option deprecated, please use --match-set
kube-router-d6lrq kube-router iptables v1.6.1: invalid port/service `api' specified
kube-router-d6lrq kube-router Try `iptables -h' or 'iptables --help' for more information.
(In addition, it seems that deprecated iptables options are being used.)
When modifying the NetworkPolicy to work with numbered ports, everything is ok.
This bug hit me hard a while ago. It seems like kube-router is not able to recover from a NetworkPolicy with a named port, even if that named port is removed. Restarting kube-router does not fix the issue; the only workaround that I found was to reboot all nodes in the Kubernetes cluster.
Until kube-router has support for named ports, would it be possible to at least filter those rules out?
Oops, that sounds bad. It should have been more gracefully handled by kube-router. Will fix it (not the support for named ports but graceful handling) for the next release.
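A pre-apply check for the failure discussed in this thread, added here as an example and not taken from the issue or from kube-router's code: it scans a NetworkPolicy manifest and reports every port given as a name rather than a number, so such a policy can be rewritten with numbered ports before it reaches the cluster. It assumes the manifest is in JSON form; `NamedPorts`, `Finding` and `samplePolicy` are hypothetical names, and the sample policy is constructed from the names in the log above.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// rule is the subset of a NetworkPolicy ingress/egress rule needed here.
// Port is an IntOrString: it decodes to float64 (number) or string (name).
type rule struct {
	Ports []struct {
		Port interface{} `json:"port"`
	} `json:"ports"`
}

// Finding records where a named port appears in the manifest.
type Finding struct{ Path, Name string }

// NamedPorts returns one Finding per port specified by name.
func NamedPorts(manifest []byte) ([]Finding, error) {
	var np struct {
		Spec struct {
			Ingress []rule `json:"ingress"`
			Egress  []rule `json:"egress"`
		} `json:"spec"`
	}
	if err := json.Unmarshal(manifest, &np); err != nil {
		return nil, fmt.Errorf("decode NetworkPolicy: %w", err)
	}
	var out []Finding
	scan := func(dir string, rules []rule) {
		for i, r := range rules {
			for j, p := range r.Ports {
				if name, ok := p.Port.(string); ok {
					path := fmt.Sprintf("spec.%s[%d].ports[%d].port", dir, i, j)
					out = append(out, Finding{path, name})
				}
			}
		}
	}
	scan("ingress", np.Spec.Ingress)
	scan("egress", np.Spec.Egress)
	return out, nil
}

// Constructed sample: one named port ("api") and one numbered port.
const samplePolicy = `{"kind":"NetworkPolicy","metadata":{"name":"monitoring-grafana","namespace":"kube-system"},
 "spec":{"ingress":[{"ports":[{"protocol":"TCP","port":"api"},{"protocol":"TCP","port":3000}]}]}}`

func main() {
	fmt.Println(NamedPorts([]byte(samplePolicy)))
}
```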