"ICMP rules can only be applied when the "enable-icmp-rules" flag is set" in CiliumClusterwideNetworkPolicy status, but --enable-icmp-rules='true' is applied #35214

@agrevtsev

Is there an existing issue for this?

  • I have searched the existing issues

Version

equal or higher than v1.16.0 and lower than v1.17.0

What happened?

I have a CiliumClusterwideNetworkPolicy which also includes an ICMP rule:

    - fromEntities:
        - all
      icmps:
        - fields:
            - family: IPv4
              type: 3
            - family: IPv4
              type: 8
            - family: IPv4
              type: 11

In the status I see the following:

    status:
      conditions:
      - lastTransitionTime: "2024-09-22T06:55:26Z"
        message: ICMP rules can only be applied when the "enable-icmp-rules" flag is set
        status: "False"
        type: Valid

But in the cilium-agent log I see the flag is actually enabled:

    k logs -n kube-system cilium-pwn5s cilium-agent | grep icmp
    time="2024-09-22T06:35:40Z" level=info msg="  --allow-icmp-frag-needed='true'" subsys=daemon
    time="2024-09-22T06:35:40Z" level=info msg="  --enable-icmp-rules='true'" subsys=daemon

How can we reproduce the issue?

Install an RKE2 v1.30.4+rke2r1 cluster with the Cilium CNI, then add a CiliumClusterwideNetworkPolicy with an ICMP rule.

Cilium Version

Client: 1.16.0 8299999 2024-07-23T22:22:14-07:00 go version go1.22.5 linux/amd64
Daemon: 1.16.0 8299999 2024-07-23T22:22:14-07:00 go version go1.22.5 linux/amd64

Kernel Version

Linux worker-01 5.15.0-121-generic #131-Ubuntu SMP Fri Aug 9 08:29:53 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Kubernetes Version

Client Version: v1.30.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.30.4+rke2r1

Regression

No response

Sysdump

No response

Relevant log output

No response

Anything else?

No response

Metadata

Labels

  • area/agent: Cilium agent related.
  • kind/bug: This is a bug in the Cilium logic.
  • kind/community-report: This was reported by a user in the Cilium community, eg via Slack.
  • kind/regression: This functionality worked fine before, but was broken in a newer release of Cilium.
  • sig/policy: Impacts whether traffic is allowed or denied based on user-defined policies.
