Skip to main content

Illumio Segmentation for Kubernetes

Kubelink

Resolved Issues

  • CLAS on IKS with Calico, the flow of ClusterIP is not displayed correctly (E-109238)

    In a CLAS environment on IKS with Calico, when running traffic to a clusterIP service from a pod, flows were being displayed incorrectly. Sometimes flows were incorrectly shown as Allowed. Other times, flows that should not be present were being shown as Blocked. This issue is resolved.

  • Kubernetes cluster falsely detected as an OpenShift cluster (E-107910)

    After deployment, Kubelink falsely detected a Kubernetes cluster as an OpenShift cluster based on misinterpretations of installed VolumeReplicationClass and VolumeReplications APIs on the cluster. This issue is resolved.

  • Problem when label from PCE was deleted after Kubelink starts (E-107779)

    When creating a new workload on PCE, Kubelink uses cached or preloaded labels to label a workload. However, if the label was deleted before the workload was actually created, the PCE responded with a 406 status error. This issue is resolved.

  • Kubelink did not properly apply label mappings with PCE using two-sided management ports (E-105391)

    Label mappings were not properly applied when using the LabelMap CRD if the PCE used two-sided management ports. This issue is resolved.

Known Issues

  • CLAS: NodePort - pod rules are not removed after disabling rule (E-111689)

    After disabling a NodePort rule that opens it to outside VMs, iptables entries for pods with a virtual service's targetPort are not removed as expected. The pod is still opened. Host iptables are removed, so traffic does not go through, but the pod ports stay opened towards original IPs.

    There is no workaround available.

  • Non-CLAS mode: Failed to clean up the pods (E-109687)

    After deleting a non-CLAS container cluster, the cluster gets deleted but Container Workloads are not deleted, and remain present.

  • CLAS-mode Kubelink pod gets restarted once when deploying Illumio Core for Kubernetes (E-109284)

    The Kubelink pod is restarted after deploying Illumio Core for Kubernetes in CLAS mode.

    There is no workaround. Kubelink runs properly after this single restart.

  • CLAS: Container Workload Profile label change is not applied to Kubernetes Workloads, only to Virtual Services (E-109168)

    In CLAS environments, after changing a label in a Container Workload Profile, the Kubernetes Workloads that are managed by that Profile do not have their labels changed as expected. No changes to these Kubernetes Workloads occur even when the Profile is changed to "No Label Allowed;" the original labels remain in the Kubernetes Workloads. However, Virtual Services managed by that profile do successfully have their labels changed properly.

    No workaround is available.

  • CLAS - The etcd pod crashes when node reboots (E-106236)

    The etcd pod crashes if one of the nodes in the cluster is rebooted.

    There is no workaround available.