Closed ndrafahl closed 6 months ago
I think this is a duplicate of https://github.com/aws/aws-network-policy-agent/issues/135.
Going to close this one out. For anyone who happens to stumble on this, @jayanthvn did a good write-up on how to disable enforcing the network policies after enabling them (if needed) in the linked issue above:
We had tested this in our environments as well with no issues.
Hello!
I was trying to find any sort of documentation on how you would disable network policy enforcement via the CNI after you've enabled it.
I know to enable the network policy enforcement via the CNI, you can set the following configuration on the CNI:
{ "enableNetworkPolicy": "true" }
We are wondering if there's a way to "backout" having the CNI enforce the network policies in the cluster (in the event something were to happen after we began enforcing them).
I attempted in our testing environment to update the addon and set:
{ "enableNetworkPolicy": "false" }
And that begins to rotate out the aws-node pods in the cluster, but on the first one attempting to come up the aws-eks-nodeagent container goes into a crash backoff loop:
Is there a more proper way to stop having the CNI enforce the network policies?
Thanks!
Environment:
kubectl version: v1.25.16-eks-8cb36c9
cat /etc/os-release: Amazon Linux 2
uname -a: 5.10.199-190.747.amzn2.x86_64