Network Policy Blocking Cronjob Pods' Communication After vpc-cni 1.15.3 Upgrade

Question

Network Policy Blocking Cronjob Pods' Communication After vpc-cni 1.15.3 Upgrade

atilsensalduz opened this issue 8 months ago · comments

After upgrading to vpc-cni version 1.15.3, I've encountered a problem where my cronjob pods' communication is unexpectedly blocked, despite having the correct network policies in place. Strangely, this issue did not occur prior to the upgrade. I've also verified the policyendpoints and can confirm that the IP addresses of my cronjob pods are correctly exist in policyendpoints. I'm wondering if this is a known issue with the new version 🤔

Apurup Chevuru · Answer 1 · Wed Nov 08 2023 02:06:13 GMT+0800 (China Standard Time)

@atilsensalduz No, we're not aware of any issue with the 1.15.3. Can you share the network policy agent logs from the node where these cronjob pods are running? You can mail them to k8s-awscni-triage@amazon.com. Please also share the describe o/p of corresponding policyEndpoint resources as well. Thanks.

Jayanth Varavani · Answer 2 · Wed Nov 08 2023 06:32:54 GMT+0800 (China Standard Time)

This is possibly happening because of the issue pointed here #131. We can confirm with the logs you send.

Jeffrey Nelson · Answer 3 · Wed Dec 27 2023 00:29:19 GMT+0800 (China Standard Time)

Closing as fixed