-
Notifications
You must be signed in to change notification settings - Fork 665
Weave crashed when named port was specified in network policy #3785
Comments
Please note this was discussed also in #3032 |
Presumably it should have been fixed by #3375, but either that fix is not in 2.6.0, or it doesn't work. |
As mentioned in #3032 comment #3375 only added error message indicating named port is not supported. In general any errors seen while processing network policies is considered as fatal error, intent is that to avoid a case error is logged in to weave-npc logs, but user may not notice it and assume network policies are imposed. Fatal error results in weave-npc crash, which is not best way to go about it as it. We will try to find a better way the case where invalid or unsupported netwrok policies are applied. |
Oh my :-( |
I do agree with @johny-mnemonic here, if it is not applied, we need to find a different solution than fatal error. An event sent to the service may be the best thing to do? In kubernetes, we use helm charts provided by 3rd party and it is hard to control how charts are written. Having a design where the install of a 3rd party chart crashing an entire cluster is not good option aw we expect good separation between apps. |
What you expected to happen?
Weave didn't crash when named port was specified. It should rather throw some error but not crash networking on whole k8s cluster.
What happened?
One colleague specified named port in helm chart and attempted to deliver the chart to our kubernetes cluster. Instead of throwing some error, whole cluster was knocked down because weave died.
How to reproduce it?
Try following helm chart:
Anything else we need to know?
nothing
Versions:
weave: 2.6.0
Logs:
The text was updated successfully, but these errors were encountered: