[QUESTION/HELP] Embedded Network Policy Controller kube-router not work on restart

[tdnguyen6]

Question / Where do you need Help?

Scope of your Question

• Is your question related to a specific version of k3d (or k3s)?
  • Please paste the output of k3d version here

k3d version v5.7.3
k3s version v1.30.3-k3s1 (default)

Cluster setup

k3d cluster create demo --network k3d

Apply Apply deny all network policy to namespace kube-system

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
spec:
  podSelector: {}
  policyTypes:
  - Ingress

After a few minutes, the ingress lb can't be access anymore. Restart cluster

k3d cluster stop demo
k3d cluster start demo

I expect it will have the same block behavior. However, no matter what I do to the network policy, I was able to access the ingress lb. I tried to wait but it's still the same. Upon inspection, seems like before restarting the cluster, there are a lot of iptables rules from KUBE-ROUTER, but after restarting, the iptables have just a few rules.

I suspect that the embedded kube-router was not started upon restarting, or do I miss something here?