Kubelink
Resolved Issues
CLAS: NodePort - pod rules are not removed after disabling rule (E-111689)
After disabling a NodePort rule that opens it to outside VMs, iptable entries for pods with a virtual service's targetPort were not being removed as expected. Now the pod no longer remains opened. Host iptables are removed, so traffic does not go through, and the pod ports are properly closed.
CLAS - The etcd pod crashes when node reboots (E-106236)
The etcd pod would crash if one of the nodes in the cluster was rebooted.
Known Issues
CLAS-mode Kubelink pod gets restarted once when deploying Illumio Core for Kubernetes (E-109284)
The Kubelink pod is restarted after deploying Illumio Core for Kubernetes in CLAS mode.
There is no workaround. Kubelink runs properly after this single restart.
CLAS: Container Workload Profile label change is not applied to Kubernetes Workloads, only to Virtual Services (E-109168)
When removing labels in a Container Workload Profile, existing Kubernetes Workloads that are managed by that profile do not have their labels changed automatically to labels based on annotations. These existing Kubernetes Workloads must be updated with the
kubectl applycommand for the labels change to take effect. New Kubernetes Workloads created after the profile label change will have the new labels.This works as designed.