search

aws / aws-network-policy-agent

Apache License 2.0
42 stars 25 forks source link

Unable to Run ./aws-eks-na-cli ebpf loaded-ebpfdata On Node #187

Closed ndrafahl closed 6 months ago

ndrafahl commented 6 months ago

We had recently upgraded the AWS CNI plugin to v1.15.4-eksbuild.1 on our 1.25 cluster, and then enabled enforcing network policies via the addon configuration.

I was walking through some of the examples (just to poke around a bit) found in the README here: https://github.com/aws/aws-network-policy-agent#network-policy-agent-cli

I went onto my managed worker node (via Systems Manager), and ran the ./aws-eks-na-cli ebpf loaded-ebpfdata command and received the following error:

2024-01-23 14:35:36.129352413 +0000 UTC m=+0.000841813 write error: can't rename log file: rename /var/log/aws-routed-eni/ebpf-sdk.log /var/log/aws-routed-eni/ebpf-sdk-2024-01-23T14-35-36.129.log: permission denied
2024-01-23 14:35:36.129486858 +0000 UTC m=+0.000976247 write error: can't rename log file: rename /var/log/aws-routed-eni/ebpf-sdk.log /var/log/aws-routed-eni/ebpf-sdk-2024-01-23T14-35-36.129.log: permission denied
2024-01-23 14:35:36.129530591 +0000 UTC m=+0.001019990 write error: can't rename log file: rename /var/log/aws-routed-eni/ebpf-sdk.log /var/log/aws-routed-eni/ebpf-sdk-2024-01-23T14-35-36.129.log: permission denied

I tried it as sudo as well, and received the following:

Failed to execute the cmd -  failed walking the bpfdirectory unable to get FD

This may be a non-issue, or a self-inflicted one, but I wanted to just reach out to make sure I'm not missing something obvious.

Thank you!

Environment:

jayanthvn commented 6 months ago

This issue is fixed with 1.0.8-rc image. Will be cutting a final release soon.

ndrafahl commented 6 months ago

This issue is fixed with 1.0.8-rc image. Will be cutting a final release soon.

Ah cool - thanks for the quick response.

I assume it's nothing that is causing any issues with the network policies being enforced themselves, just with running the CLI on the node?

jayanthvn commented 6 months ago

Yes it is just the CLI. No functionality impact.

ndrafahl commented 6 months ago

Cool - thanks a bunch @jayanthvn. I'm going to mark this one as closed. Have a good one!