Illumio Segmentation for Containers

E-138635

Workloads in Kubernetes clusters not receiving policy after node reboot

Some Kubernetes workloads did not receive policy after a node reboot if the C-VEN policy tracking file became empty. This issue was resolved by setting the C-VEN policy ID to 1 and applying the next received policy when the tracking file empties.

E-137077

Kubernetes Pods that include ownerReferences not detected and modeled as container workloads

Kubernetes pods that included ownerReferences weren’t detected and modeled as container workloads, which could prevent consistent application of segmentation policy. This issue was resolved by correctly detecting the resource type Pod.

E-136821

NodePort rules not completely clearing when disabling NodePort

Setting the enforceNodePortTraffic Helm chart value to never didn’t fully clear Illumio NodePort rules, leaving stale rules on the host workload. This issue was resolved by clearing residual enforcement rules after disabling NodePort.

E-136672

Helm Chart install fails with Helm Chart 4.10 and OpenShift

Helm Chart 4.10 install failed on OpenShift, preventing Helm Chart deployment. This issue was resolved by removing two unnecessary OpenShift RoleBindings related to the system:image-puller role.

E-135488

Kubernetes Operator not pulling InfluxDB image from bitnami when metrics are enabled

Enabling metrics in the Kubernetes Operator prevented pulling the InfluxDB from bitnami, causing deployment or startup failures. This issue was resolved by forcing Helm Chart to pull the image from an updated repository so that enabling metrics does not cause installation failures.