add network policy for controller egress
Controller component needs to access kube api. Logs in CI contain:
[pod/neuvector-controller-pod-77495b8bf4-rx28j/neuvector-controller-pod] 2023-02-28T21:28:44.997|ERRO|CTL|resource.VerifyNvClusterRoles: - clusterrole=neuvector-binding-rbac error=Cannot find Kubernetes clusterrole "neuvector-binding-rbac"(Failed to discover API group: rbac.authorization.k8s.io(performing request: Get "https://10.43.0.1:443/apis/rbac.authorization.k8s.io": dial tcp 10.43.0.1:443: i/o timeout)).
[pod/neuvector-controller-pod-77495b8bf4-rx28j/neuvector-controller-pod] 2023-02-28T21:29:14.997|ERRO|CTL|resource.VerifyNvClusterRoles: - clusterrole=neuvector-binding-app error=Cannot find Kubernetes clusterrole "neuvector-binding-app"(Failed to discover API group: rbac.authorization.k8s.io(performing request: Get "https://10.43.0.1:443/apis/rbac.authorization.k8s.io": dial tcp 10.43.0.1:443: i/o timeout)).Merge request reports
Activity
added kindbug priority5 teamcore/security labels
assigned to @rob.ferguson
requested review from @micah.nagel
added statusreview label
mentioned in issue big-bang/bigbang#1445 (closed)
requested review from @ryan.j.garcia
mentioned in commit ed5bda30
mentioned in merge request big-bang/bigbang!2548 (merged)
Please register or sign in to reply