Illumio Segmentation for Containers

Resolved Issues in 5.7.0

Issue

Fix Description

E-132331

Kubelink clusters maximum namespaces

The PCE API defaulted to a maximum of 500 namespaces for a cluster, causing Kubelink to report an incorrect number of workloads. This Kubelink update resolves the issue by supporting up to 10,000 namespaces in a cluster.

E-132038

Kubernetes service LoadBalancer resources not reported to PCE

LoadBalancer service resources were not being reported by Kubelink to the PCE, preventing the PCE from using them as Virtual Services and Kubernetes workloads. This issue was resolved by defining stricter rules for identifying workloads.

E-131546

Database Defragmentation

Defragmentation of in-memory databases did not execute, so storage grew large enough to trigger out-of-memory restarts. Defragmentation now triggers when unused database space is greater than 30% of the in-memory volume.

E-131474

OpenShift nodes not reporting applied policy

For Kubelink 5.5.3 and PCE version 25.3, applied policies were not reported because the PCE HA Proxy incorrectly responded with 404 for certain endpoints. Kubelink now retries endpoints the PCE initially reports as 404.

E-131463

Kubernetes Installation Failure

Kubernetes Operator 5.6.1 failed during installation because the apiGroup field was missing in the manage-illumio-secrets RoleBinding Helm template. The field did not implicitly populate, causing the RoleBinding creation to fail. The missing apiGroup field has been added to the Helm template to ensure successful installation.

E-124195

Helm Upgrade of C-VEN fails with Tampering Protection

Upgrading C-VEN using Helm failed with Tampering Protection enabled because the maintenance token was missing. Version 5.7.0 now includes maintenance token support, allowing unpairing the C-VEN when Tampering Protection is enabled.

E-132774

Kubelink to Kubernetes API connectivity loss following pod recreation

After a Kubelink pod is recreated, the Calico network interface names change, and Kubelink loses Kubernetes API connectivity in the special case where the Kubernetes API is running outside of the cluster. The issue was resolved on the C-VEN by updating the bypass rule to include broader Calico interface name matching.