Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Calico network policies not getting enforced #30133

Closed
m-raman opened this issue Apr 26, 2019 — with docs.microsoft.com · 9 comments
Closed

Calico network policies not getting enforced #30133

m-raman opened this issue Apr 26, 2019 — with docs.microsoft.com · 9 comments
Assignees
@jakaruna-MSFT
Labels
container-service/svc cxp product-question triaged

Comments

@m-raman docs.microsoft.com
Copy link

m-raman commented Apr 26, 2019

I enabled a cluster with calico. Tried applying network policies using both kubectl and calicoctl. The policies are not taking effect.

Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
@jakaruna-MSFT jakaruna-MSFT self-assigned this Apr 26, 2019
@jakaruna-MSFT
Copy link
Contributor

Thanks for the feedback! We are currently investigating and will update you shortly.

@jakaruna-MSFT
Copy link
Contributor

@m-raman I hope you have applied the network policy while creating the cluster itself

@m-raman docs.microsoft.com
Copy link
Author

m-raman commented Apr 26, 2019

@jakaruna-MSFT Yes. See below and the version I have used is 1.13.5.

"location": "australiasoutheast",
"name": "aksrm12",
"networkProfile": {
"dnsServiceIp": "10.0.0.10",
"dockerBridgeCidr": "172.17.0.1/16",
"networkPlugin": "azure",
"networkPolicy": "calico",
"podCidr": null,
"serviceCidr": "10.0.0.0/16"
},

@jakaruna-MSFT jakaruna-MSFT mentioned this issue Apr 26, 2019
Closed
@jakaruna-MSFT
Copy link
Contributor

@m-raman I created a cluster today with calico networking plugin.
Netwroking rules didnt work for me as well.
I will investigate further and let you know.

@jakaruna-MSFT
Copy link
Contributor

Azure/AKS#905 Same issue

@jakaruna-MSFT
Copy link
Contributor

@m-raman Current workaround is to use 1.11.* if we need calico networking plugin.
Though Azure networking plugin works well with all versions.
Also go though this table to find out the difference between calico networking plugin and azure.

@jakaruna-MSFT
Copy link
Contributor

Currently if you create a cluster with calico and with version 1.12.* and above, then the nodes will be in not ready state. It will have an error message saying that networking plugin is not ready.
If thats not the case then the network policy feature registration is not done properly.

@jakaruna-MSFT
Copy link
Contributor

@m-raman I verified both the scenarios (described below) and it works well.

  • AKS with verison 1.11.9 + calico networking plugin
  • AKS with version 1.12.6 + Azure networking plugin

I will close this issue for now as we dont need to update the doc. We will follow up with the Azure/AKS#905 issue for the updates.

@jakaruna-MSFT
Copy link
Contributor

@m-raman If need further help please mention me in the comment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jakaruna-MSFT jakaruna-MSFT

Labels
container-service/svc cxp product-question triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@PRMerger15 @jakaruna-MSFT @m-raman