Backup pods unable to reach the kubeapi
Bug
Description
When initiating a backup from the velero pod, the child pods that are created to execute the backup are unable to reach kubeapi resources.
BigBang Version
Big Bang - 3.17.0
velero - 11.3.2-bb.1
Background
The backup pods get errors like:
time="2026-03-20T19:06:04Z" level=warning msg="Failed to create client cache, need retry" error="failed to determine if *v1.Pod is namespaced: failed to get restmapping: failed to get server groups: Get "https://10.96.0.1:443/api\": net/http: TLS handshake timeout" logSource="pkg/cmd/cli/podvolume/backup.go:172"
These pods don't have the standard naming, so the new network policies from bb-common appear to be blocking them from communicating with kubeapi resources.
Workaround
The only workaround we could find was to bypass the standard networking policy and have bb-common create a wildcard source connectivity:
velero:
  enabled: true
  values:
    networkPolicies:
      egress:
        from:
          "*":
            to:
              definition:
                kubeAPI: true
                storage-subnets: true