-
Notifications
You must be signed in to change notification settings - Fork 312
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] NetworkPolicy
allowing DNS egress causes cilium agent crash in ACNS-enabled AKS
#4525
Comments
@chasewilson FYI, I have noticed this with the ACNS feature. |
@felfa01 Thanks for reporting. we are looking into this. |
Thanks @felfa01. We were able to reproduce the issue on our end and are working on a fix for it. |
We came across this problem naturally running in one of our clusters. I can confirm this bug exists and the short-term fix is to remove the NetworkPolicy that has a DNS egress on it. |
Confirming that the short term fix is to remove the NetworkPolicy that has a DNS egress specified. |
We also observe the same issue and we hope a fix will be available soon |
Sorry to create more spam, but is there any eta when we can expect this to be fixed? Unfortunately, this bug makes the entire ACNS basically unusable. |
Hey @ondrejmo, the fix has rolled out to every region. Are you still seeing the issue ? |
No, the issue seems to be fixed, thank you. |
Describe the bug
When running an AKS cluster with Advanced Container Networking Services (ACNS) and deploying a
NetworkPolicy
configured to allow DNS egress, cilium agent pods are going into a crashing state.To Reproduce
NetworkPolicy
configured to allow egress to port 53 with protocol UDP.kubectl get pods -n kube-system
and see that cilium pods are in a crashing state:Environment (please complete the following information):
Additional context
Error log:
The text was updated successfully, but these errors were encountered: