
chaining: source security ID in hairpin might lead to policy denies in >=v1.7.4 #12136

@aanm

Bisecting blame 60b4210

xx drop (Policy denied) flow 0x53352ab to endpoint 694, identity 4417->56410: 172.16.166.201:53662 -> 172.16.166.200:80 tcp SYN

The security identity assigned to the endpoint differs from the source identity the datapath generated for the dropped flow:

ENDPOINT   POLICY (ingress)   POLICY (egress)   IDENTITY   LABELS (source:key[=value])                                       IPv6   IPv4             STATUS   
           ENFORCEMENT        ENFORCEMENT                                                                                                            
366        Disabled           Disabled          4428       k8s:class=tiefighter                                                     172.16.166.201   ready   
                                                           k8s:io.cilium.k8s.policy.cluster=default                                                          
                                                           k8s:io.cilium.k8s.policy.serviceaccount=default                                                   
                                                           k8s:io.kubernetes.pod.namespace=default                                                           
                                                           k8s:org=empire
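One way to turn this report into a repeatable check, as an added example that is not code from the issue or from the Cilium project: parse `cilium monitor` drop lines and `cilium endpoint list` output, and flag any drop whose source identity differs from the identity carried by the endpoint that owns the source IP. The inputs are constructed from the lines quoted above plus one assumed drop line whose identity does match.

```python
import re

# Constructed sample: the drop line quoted in the issue, plus an assumed
# second drop whose source identity (4428) matches the endpoint's identity.
MONITOR_OUTPUT = """\
xx drop (Policy denied) flow 0x53352ab to endpoint 694, identity 4417->56410: 172.16.166.201:53662 -> 172.16.166.200:80 tcp SYN
xx drop (Policy denied) flow 0x53352ac to endpoint 694, identity 4428->56410: 172.16.166.201:53663 -> 172.16.166.200:80 tcp SYN
"""

# Constructed excerpt of `cilium endpoint list`, shaped like the table in the issue.
ENDPOINT_LIST = """\
ENDPOINT   POLICY (ingress)   POLICY (egress)   IDENTITY   LABELS (source:key[=value])   IPv6   IPv4             STATUS
           ENFORCEMENT        ENFORCEMENT
366        Disabled           Disabled          4428       k8s:class=tiefighter                 172.16.166.201   ready
                                                           k8s:org=empire
"""

DROP_RE = re.compile(
    r"drop \((?P<reason>[^)]+)\) flow (?P<flow>0x[0-9a-f]+) to endpoint (?P<dst_ep>\d+), "
    r"identity (?P<src_id>\d+)->(?P<dst_id>\d+): (?P<src_ip>[\d.]+):\d+ -> (?P<dst_ip>[\d.]+):\d+"
)
# Endpoint rows start with the numeric endpoint ID; label continuation rows do not.
EP_ROW_RE = re.compile(
    r"^(?P<ep>\d+)\s+\S+\s+\S+\s+(?P<identity>\d+)\s+.*?(?P<ipv4>\d+\.\d+\.\d+\.\d+)\s+\S+\s*$"
)

def parse_endpoints(text):
    """Map IPv4 address -> (endpoint id, identity) from `cilium endpoint list` output."""
    by_ip = {}
    for line in text.splitlines():
        m = EP_ROW_RE.match(line)
        if m:
            by_ip[m["ipv4"]] = (int(m["ep"]), int(m["identity"]))
    return by_ip

def find_identity_mismatches(monitor_text, endpoint_text):
    """Return drops whose datapath source identity differs from the identity of
    the local endpoint that owns the source IP (the symptom in this issue)."""
    by_ip = parse_endpoints(endpoint_text)
    mismatches = []
    for line in monitor_text.splitlines():
        m = DROP_RE.search(line)
        if not m or m["src_ip"] not in by_ip:
            continue  # not a drop line, or source is not a local endpoint
        ep_id, ep_identity = by_ip[m["src_ip"]]
        if int(m["src_id"]) != ep_identity:
            mismatches.append({"flow": m["flow"], "src_ip": m["src_ip"], "src_endpoint": ep_id,
                               "datapath_identity": int(m["src_id"]), "endpoint_identity": ep_identity})
    return mismatches

if __name__ == "__main__":
    for hit in find_identity_mismatches(MONITOR_OUTPUT, ENDPOINT_LIST):
        print(f"flow {hit['flow']}: datapath identity {hit['datapath_identity']} "
              f"but endpoint {hit['src_endpoint']} has identity {hit['endpoint_identity']}")
```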

Labels

kind/regression: This functionality worked fine before, but was broken in a newer release of Cilium.
priority/high: This is considered vital to an upcoming release.