christiancadieux

I added a sourceRange property. yes - source-range works in general, it's only when it's created and then removed that the service stays unavailable, which is what the bug title...

when I use the CCNP from https://isovalent.com/blog/post/cilium-1-15/#h-ingress-network-policy ``` apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: ingress-ccnp spec: endpointSelector: {} ingress: - fromCIDRSet: - cidr: 172.18.0.10/32 - fromEntities: - cluster ``` it...

I am not following this. the goal of this new option enforce_policy_on_l7lb is to restrict ingress access from specific sourceIP. Can you give a complete CNP or CCNP example that...

right - so I don't understand to value of this feature. cilium is designed to support large multi-tenant clusters. each tenant has it's own security requirements. blocking cidrs for the...

I should not have closed this ticket. I understand that "The feature does not work per Ingress or per Namespace", and the feature being referenced is "enforce_policy_on_l7lb" , but this...

I may not be following your ingress_a/ingress_b example, but yes, the feature only allows to limit ingress access to the whole cluster. it does not allow to be more specific...

I think so - yes