add network policy for controller egress (!23) · Merge requests · Big Bang / Universe / Product / Neuvector

Rob Ferguson requested to merge netpol-api-egress into main Mar 01, 2023

Controller component needs to access kube api. Logs in CI contain:

[pod/neuvector-controller-pod-77495b8bf4-rx28j/neuvector-controller-pod] 2023-02-28T21:28:44.997|ERRO|CTL|resource.VerifyNvClusterRoles: - clusterrole=neuvector-binding-rbac error=Cannot find Kubernetes clusterrole "neuvector-binding-rbac"(Failed to discover API group: rbac.authorization.k8s.io(performing request: Get "https://10.43.0.1:443/apis/rbac.authorization.k8s.io": dial tcp 10.43.0.1:443: i/o timeout)).
[pod/neuvector-controller-pod-77495b8bf4-rx28j/neuvector-controller-pod] 2023-02-28T21:29:14.997|ERRO|CTL|resource.VerifyNvClusterRoles: - clusterrole=neuvector-binding-app error=Cannot find Kubernetes clusterrole "neuvector-binding-app"(Failed to discover API group: rbac.authorization.k8s.io(performing request: Get "https://10.43.0.1:443/apis/rbac.authorization.k8s.io": dial tcp 10.43.0.1:443: i/o timeout)).

Admin message

add network policy for controller egress

Merge request reports