Unable to Run ./aws-eks-na-cli ebpf loaded-ebpfdata On Node
ndrafahl opened this issue · comments
We had recently upgraded the AWS CNI plugin to v1.15.4-eksbuild.1 on our 1.25 cluster, and then enabled enforcing network policies via the addon configuration.
I was walking through some of the examples (just to poke around a bit) found in the README here: https://github.com/aws/aws-network-policy-agent#network-policy-agent-cli
I went onto my managed worker node (via Systems Manager), and ran the ./aws-eks-na-cli ebpf loaded-ebpfdata
command and received the following error:
2024-01-23 14:35:36.129352413 +0000 UTC m=+0.000841813 write error: can't rename log file: rename /var/log/aws-routed-eni/ebpf-sdk.log /var/log/aws-routed-eni/ebpf-sdk-2024-01-23T14-35-36.129.log: permission denied
2024-01-23 14:35:36.129486858 +0000 UTC m=+0.000976247 write error: can't rename log file: rename /var/log/aws-routed-eni/ebpf-sdk.log /var/log/aws-routed-eni/ebpf-sdk-2024-01-23T14-35-36.129.log: permission denied
2024-01-23 14:35:36.129530591 +0000 UTC m=+0.001019990 write error: can't rename log file: rename /var/log/aws-routed-eni/ebpf-sdk.log /var/log/aws-routed-eni/ebpf-sdk-2024-01-23T14-35-36.129.log: permission denied
I tried it as sudo
as well, and received the following:
Failed to execute the cmd - failed walking the bpfdirectory unable to get FD
This may be a non-issue, or a self-inflicted one, but I wanted to just reach out to make sure I'm not missing something obvious.
Thank you!
Environment:
- Kubernetes version (use
kubectl version
): v1.25.16-eks-8cb36c9 - CNI Version: v1.15.4-eksbuild.1
- Network Policy Agent Version: Not Sure
- OS (e.g:
cat /etc/os-release
): Amazon Linux 2 - Kernel (e.g.
uname -a
): 5.10.199-190.747.amzn2.x86_64
This issue is fixed with 1.0.8-rc image. Will be cutting a final release soon.
This issue is fixed with 1.0.8-rc image. Will be cutting a final release soon.
Ah cool - thanks for the quick response.
I assume it's nothing that is causing any issues with the network policies being enforced themselves, just with running the CLI on the node?
Yes it is just the CLI. No functionality impact.
Cool - thanks a bunch @jayanthvn. I'm going to mark this one as closed. Have a good one!