Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Network Policy issue with deploying gotk with k3s #294

Closed
onedr0p opened this issue Oct 2, 2020 · 3 comments · Fixed by #297
Closed

Network Policy issue with deploying gotk with k3s #294

onedr0p opened this issue Oct 2, 2020 · 3 comments · Fixed by #297

Comments

@onedr0p
Copy link
Contributor

onedr0p commented Oct 2, 2020
edited
Loading

I recently chatted with @stefanprodan and he came to the conclusion that k3s might behave differently than k8s in terms of network policies.

k3s version: 1.19.2-k3s1

Basically the bootstrap process times out.

◎ waiting for cluster sync
✗ context deadline exceeded

I was able to get this to work with Calico and kube-proxy by removing the gotk network policy kubectl delete networkpolicy/deny-ingress -n gotk-system

However it didn't work on my tests when kube-proxy was disabled when using Calico w/ eBPF or Cilium and kube-router.

More information may be be found here in the slack channel.

Related: k3s-io/k3s#1308 and k3s-io/k3s#947 which also links to a kube-router issue.
@onedr0p onedr0p changed the title Issue with deploying gotk with k3s Network Policy issue with deploying gotk with k3s Oct 2, 2020
@stefanprodan stefanprodan mentioned this issue Oct 3, 2020
Merged
@onedr0p
Copy link
Contributor Author

onedr0p commented Oct 3, 2020
edited
Loading

@stefanprodan awesome! I'll give this a shot and report back if I see any issues with k3s

@stefanprodan
Copy link
Member

You need to use the v0.1.4 CLI, it should be available in a couple of minutes

@onedr0p
Copy link
Contributor Author

onedr0p commented Oct 3, 2020
edited
Loading

Seems like my issue was Cilium and setting masquerade to false in their helm chart values, along with the default network policy that is set. I don't know why this would have an effect on gotk completing the bootstrap process or not. I have turned back on masquerading AND disabled the network policy. gotk finishes the bootstrap command, all is well.

https://docs.cilium.io/en/v1.8/concepts/networking/masquerading/

Such a strange issue that took me trying out so many different things.

@clementnuss clementnuss mentioned this issue May 26, 2021
Closed
@darkowlzz darkowlzz mentioned this issue Aug 22, 2022
Closed
1 task
ybelleguic pushed a commit to ybelleguic/flux2 that referenced this issue Jan 9, 2023
@hiddeco
Merge pull request fluxcd#294 from fluxcd/helmchart-dep-bug
6b6154c 
Copy loop iterator var for use by goroutine
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add option to disable the network policy at install time fluxcd/flux2
2 participants
@onedr0p @stefanprodan