Fabian Weber

i've testet many feature combinations (from basic to more advanced) but the problem kept occurring. Some features like l7Proxy are enabled by default.

The cluster is a on-prem vanilla kubernetes. we are using sles15 sp4 and opensuse 15.4 as host os. Reproduction would be: - Deploy a on-prem kubernetes cluster (for example with...

i'm currently on vaccation, i will add more information about one week.

i think you could implement this externally and use the http client middleware as a reference. but you need access to the serviceSettings field of the SPNEGO struct.

i think i found the cause: the generation policy contains to rules. Kyverno generated two update requests: ``` ur-s6v6d namespace-sync-configuration generate Namespace default Pending 24s ur-tl9mm namespace-sync-configuration generate Namespace default...

upate: when i splitted the cluster policy with two rules into two seperate cluster policies with just one rule everything works fine

The delete operations are working too with only one rule per generation policy

on our small development cluster, the problem did not occur. it only started to occur when we started rolling out kyverno on our larger production clusters. i was able to...

Is there any progress on this pr?

We resolved the issue. We enabled the hostfirewall but did not apply any network policies, so all network packages got dropped when the cilium agent was not running anymore. without...