Ronnie P. Thomas
Ronnie P. Thomas
@palight Could you try running the command with the TMPDIR environment variable? Just set the TMPDIR to some directory that's not a tmpfs directory like /tmp. You could use some...
@frankofno Your issue is one with nftables unfortunately, apparently when there is an IP block overlap between multiple countries, nftables fails to add the IPs to the filter set. I'm...
@palight Could you open a new issue? Your issue is not the same one that @frankofno is facing. Also, in the new issue, could you post the debug log by...
I guess I might have to create separate sets for each country's IP blocks to fix this issue. That might take a while for me to get to. I can't...
Dry run shouldn't be too hard. We could set the geo-filter table to dormant right from the get go (that way it's rules will never be evaulated), then add the...
One more thing I'd like to point out is that the host firewall network policies don't work in Cilium 1.10.4 either, but all traffic is allowed through the WireGuard interfaces...
@brb Here's the output of `cilium status --verbose` on the cilium-master ``` root@cilium-master:/home/cilium# cilium status --verbose KVStore: Ok Disabled Kubernetes: Ok 1.21 (v1.21.5) [linux/amd64] Kubernetes APIs: ["cilium/v2::CiliumClusterwideNetworkPolicy", "cilium/v2::CiliumEndpoint", "cilium/v2::CiliumLocalRedirectPolicy", "cilium/v2::CiliumNetworkPolicy",...
If it helps, here's the Helm values file that I used when installing Cilium on this test cluster. ``` --- kubeProxyReplacement: strict k8sServiceHost: 172.27.200.1 k8sServicePort: 6443 nativeRoutingCIDR: 172.27.192.0/18 tunnel: disabled...
@brb I'm getting those messages on both sides. On the master, I'm assuming those errors are happening when the `cilium-worker` kubelet is trying to access the kube-apiserver. I get similar...