level=info msg="Memory available for map entries (0.003% of 16764964864B): 41912412B" subsys=config level=info msg="option bpf-ct-global-tcp-max set by dynamic sizing to 147061" subsys=config level=info msg="option bpf-ct-global-any-max set by dynamic sizing to 73530" subsys=config level=info msg="option bpf-nat-global-max set by dynamic sizing to 147061" subsys=config level=info msg="option bpf-neigh-global-max set by dynamic sizing to 147061" subsys=config level=info msg="option bpf-sock-rev-map-max set by dynamic sizing to 73530" subsys=config level=info msg=" --agent-health-port='9879'" subsys=daemon level=info msg=" --agent-labels=''" subsys=daemon level=info msg=" --agent-liveness-update-interval='1s'" subsys=daemon level=info msg=" --agent-not-ready-taint-key='node.cilium.io/agent-not-ready'" subsys=daemon level=info msg=" --allocator-list-timeout='3m0s'" subsys=daemon level=info msg=" --allow-icmp-frag-needed='true'" subsys=daemon level=info msg=" --allow-localhost='auto'" subsys=daemon level=info msg=" --annotate-k8s-node='false'" subsys=daemon level=info msg=" --api-rate-limit=''" subsys=daemon level=info msg=" --arping-refresh-period='30s'" subsys=daemon level=info msg=" --auto-create-cilium-node-resource='true'" subsys=daemon level=info msg=" --auto-direct-node-routes='false'" subsys=daemon level=info msg=" --bgp-announce-lb-ip='false'" subsys=daemon level=info msg=" --bgp-announce-pod-cidr='false'" subsys=daemon level=info msg=" --bgp-config-path='/var/lib/cilium/bgp/config.yaml'" subsys=daemon level=info msg=" --bpf-auth-map-max='524288'" subsys=daemon level=info msg=" --bpf-ct-global-any-max='262144'" subsys=daemon level=info msg=" --bpf-ct-global-tcp-max='524288'" subsys=daemon level=info msg=" --bpf-ct-timeout-regular-any='1m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-regular-tcp='6h0m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-regular-tcp-fin='10s'" subsys=daemon level=info msg=" --bpf-ct-timeout-regular-tcp-syn='1m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-service-any='1m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-service-tcp='6h0m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-service-tcp-grace='1m0s'" subsys=daemon level=info msg=" --bpf-filter-priority='1'" subsys=daemon level=info msg=" --bpf-fragments-map-max='8192'" subsys=daemon level=info msg=" --bpf-lb-acceleration='disabled'" subsys=daemon level=info msg=" --bpf-lb-affinity-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-algorithm='random'" subsys=daemon level=info msg=" --bpf-lb-dev-ip-addr-inherit=''" subsys=daemon level=info msg=" --bpf-lb-dsr-dispatch='opt'" subsys=daemon level=info msg=" --bpf-lb-dsr-l4-xlate='frontend'" subsys=daemon level=info msg=" --bpf-lb-external-clusterip='false'" subsys=daemon level=info msg=" --bpf-lb-maglev-hash-seed='JLfvgnHc2kaSUFaI'" subsys=daemon level=info msg=" --bpf-lb-maglev-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-maglev-table-size='16381'" subsys=daemon level=info msg=" --bpf-lb-map-max='65536'" subsys=daemon level=info msg=" --bpf-lb-mode='snat'" subsys=daemon level=info msg=" --bpf-lb-rev-nat-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-rss-ipv4-src-cidr=''" subsys=daemon level=info msg=" --bpf-lb-rss-ipv6-src-cidr=''" subsys=daemon level=info msg=" --bpf-lb-service-backend-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-service-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-sock='false'" subsys=daemon level=info msg=" --bpf-lb-sock-hostns-only='false'" subsys=daemon level=info msg=" --bpf-lb-source-range-map-max='0'" subsys=daemon level=info msg=" --bpf-map-dynamic-size-ratio='0.0025'" subsys=daemon level=info msg=" --bpf-map-event-buffers=''" subsys=daemon level=info msg=" --bpf-nat-global-max='524288'" subsys=daemon level=info msg=" --bpf-neigh-global-max='524288'" subsys=daemon level=info msg=" --bpf-policy-map-full-reconciliation-interval='15m0s'" subsys=daemon level=info msg=" --bpf-policy-map-max='16384'" subsys=daemon level=info msg=" --bpf-root='/sys/fs/bpf'" subsys=daemon level=info msg=" --bpf-sock-rev-map-max='262144'" subsys=daemon level=info msg=" --bypass-ip-availability-upon-restore='false'" subsys=daemon level=info msg=" --certificates-directory='/var/run/cilium/certs'" subsys=daemon level=info msg=" --cflags=''" subsys=daemon level=info msg=" --cgroup-root='/run/cilium/cgroupv2'" subsys=daemon level=info msg=" --cilium-endpoint-gc-interval='5m0s'" subsys=daemon level=info msg=" --cluster-health-port='4240'" subsys=daemon level=info msg=" --cluster-id='0'" subsys=daemon level=info msg=" --cluster-name='default'" subsys=daemon level=info msg=" --cluster-pool-ipv4-cidr='10.0.0.0/8'" subsys=daemon level=info msg=" --cluster-pool-ipv4-mask-size='24'" subsys=daemon level=info msg=" --clustermesh-config='/var/lib/cilium/clustermesh/'" subsys=daemon level=info msg=" --clustermesh-ip-identities-sync-timeout='1m0s'" subsys=daemon level=info msg=" --cmdref=''" subsys=daemon level=info msg=" --cni-chaining-mode='none'" subsys=daemon level=info msg=" --cni-chaining-target=''" subsys=daemon level=info msg=" --cni-exclusive='true'" subsys=daemon level=info msg=" --cni-external-routing='false'" subsys=daemon level=info msg=" --cni-log-file='/var/run/cilium/cilium-cni.log'" subsys=daemon level=info msg=" --cnp-node-status-gc-interval='0s'" subsys=daemon level=info msg=" --config=''" subsys=daemon level=info msg=" --config-dir='/tmp/cilium/config-map'" subsys=daemon level=info msg=" --config-sources='config-map:kube-system/cilium-config'" subsys=daemon level=info msg=" --conntrack-gc-interval='0s'" subsys=daemon level=info msg=" --conntrack-gc-max-interval='0s'" subsys=daemon level=info msg=" --crd-wait-timeout='5m0s'" subsys=daemon level=info msg=" --custom-cni-conf='false'" subsys=daemon level=info msg=" --datapath-mode='veth'" subsys=daemon level=info msg=" --debug='false'" subsys=daemon level=info msg=" --debug-verbose=''" subsys=daemon level=info msg=" --derive-masquerade-ip-addr-from-device=''" subsys=daemon level=info msg=" --devices=''" subsys=daemon level=info msg=" --direct-routing-device=''" subsys=daemon level=info msg=" --disable-cnp-status-updates='true'" subsys=daemon level=info msg=" --disable-endpoint-crd='false'" subsys=daemon level=info msg=" --disable-envoy-version-check='false'" subsys=daemon level=info msg=" --disable-iptables-feeder-rules=''" subsys=daemon level=info msg=" --dns-max-ips-per-restored-rule='1000'" subsys=daemon level=info msg=" --dns-policy-unload-on-shutdown='false'" subsys=daemon level=info msg=" --dnsproxy-concurrency-limit='0'" subsys=daemon level=info msg=" --dnsproxy-concurrency-processing-grace-period='0s'" subsys=daemon level=info msg=" --dnsproxy-enable-transparent-mode='true'" subsys=daemon level=info msg=" --dnsproxy-lock-count='128'" subsys=daemon level=info msg=" --dnsproxy-lock-timeout='500ms'" subsys=daemon level=info msg=" --egress-gateway-policy-map-max='16384'" subsys=daemon level=info msg=" --egress-gateway-reconciliation-trigger-interval='1s'" subsys=daemon level=info msg=" --egress-masquerade-interfaces=''" subsys=daemon level=info msg=" --egress-multi-home-ip-rule-compat='false'" subsys=daemon level=info msg=" --enable-auto-protect-node-port-range='true'" subsys=daemon level=info msg=" --enable-bandwidth-manager='false'" subsys=daemon level=info msg=" --enable-bbr='false'" subsys=daemon level=info msg=" --enable-bgp-control-plane='false'" subsys=daemon level=info msg=" --enable-bpf-clock-probe='false'" subsys=daemon level=info msg=" --enable-bpf-masquerade='false'" subsys=daemon level=info msg=" --enable-bpf-tproxy='false'" subsys=daemon level=info msg=" --enable-cilium-api-server-access='*'" subsys=daemon level=info msg=" --enable-cilium-endpoint-slice='false'" subsys=daemon level=info msg=" --enable-cilium-health-api-server-access='*'" subsys=daemon level=info msg=" --enable-custom-calls='false'" subsys=daemon level=info msg=" --enable-endpoint-health-checking='true'" subsys=daemon level=info msg=" --enable-endpoint-routes='false'" subsys=daemon level=info msg=" --enable-envoy-config='false'" subsys=daemon level=info msg=" --enable-external-ips='false'" subsys=daemon level=info msg=" --enable-health-check-nodeport='true'" subsys=daemon level=info msg=" --enable-health-checking='true'" subsys=daemon level=info msg=" --enable-high-scale-ipcache='false'" subsys=daemon level=info msg=" --enable-host-firewall='false'" subsys=daemon level=info msg=" --enable-host-legacy-routing='false'" subsys=daemon level=info msg=" --enable-host-port='false'" subsys=daemon level=info msg=" --enable-hubble='false'" subsys=daemon level=info msg=" --enable-hubble-recorder-api='true'" subsys=daemon level=info msg=" --enable-icmp-rules='true'" subsys=daemon level=info msg=" --enable-identity-mark='true'" subsys=daemon level=info msg=" --enable-ip-masq-agent='false'" subsys=daemon level=info msg=" --enable-ipsec='false'" subsys=daemon level=info msg=" --enable-ipsec-key-watcher='true'" subsys=daemon level=info msg=" --enable-ipv4='true'" subsys=daemon level=info msg=" --enable-ipv4-big-tcp='false'" subsys=daemon level=info msg=" --enable-ipv4-egress-gateway='false'" subsys=daemon level=info msg=" --enable-ipv4-fragment-tracking='true'" subsys=daemon level=info msg=" --enable-ipv4-masquerade='true'" subsys=daemon level=info msg=" --enable-ipv6='false'" subsys=daemon level=info msg=" --enable-ipv6-big-tcp='false'" subsys=daemon level=info msg=" --enable-ipv6-masquerade='true'" subsys=daemon level=info msg=" --enable-ipv6-ndp='false'" subsys=daemon level=info msg=" --enable-k8s='true'" subsys=daemon level=info msg=" --enable-k8s-api-discovery='false'" subsys=daemon level=info msg=" --enable-k8s-endpoint-slice='true'" subsys=daemon level=info msg=" --enable-k8s-event-handover='false'" subsys=daemon level=info msg=" --enable-k8s-networkpolicy='true'" subsys=daemon level=info msg=" --enable-k8s-terminating-endpoint='true'" subsys=daemon level=info msg=" --enable-l2-announcements='false'" subsys=daemon level=info msg=" --enable-l2-neigh-discovery='true'" subsys=daemon level=info msg=" --enable-l2-pod-announcements='false'" subsys=daemon level=info msg=" --enable-l7-proxy='true'" subsys=daemon level=info msg=" --enable-local-node-route='true'" subsys=daemon level=info msg=" --enable-local-redirect-policy='false'" subsys=daemon level=info msg=" --enable-mke='false'" subsys=daemon level=info msg=" --enable-monitor='true'" subsys=daemon level=info msg=" --enable-nat46x64-gateway='false'" subsys=daemon level=info msg=" --enable-node-port='false'" subsys=daemon level=info msg=" --enable-pmtu-discovery='false'" subsys=daemon level=info msg=" --enable-policy='default'" subsys=daemon level=info msg=" --enable-recorder='false'" subsys=daemon level=info msg=" --enable-remote-node-identity='true'" subsys=daemon level=info msg=" --enable-runtime-device-detection='false'" subsys=daemon level=info msg=" --enable-sctp='false'" subsys=daemon level=info msg=" --enable-service-topology='false'" subsys=daemon level=info msg=" --enable-session-affinity='false'" subsys=daemon level=info msg=" --enable-srv6='false'" subsys=daemon level=info msg=" --enable-stale-cilium-endpoint-cleanup='true'" subsys=daemon level=info msg=" --enable-svc-source-range-check='true'" subsys=daemon level=info msg=" --enable-tracing='false'" subsys=daemon level=info msg=" --enable-unreachable-routes='false'" subsys=daemon level=info msg=" --enable-vtep='false'" subsys=daemon level=info msg=" --enable-well-known-identities='false'" subsys=daemon level=info msg=" --enable-wireguard='false'" subsys=daemon level=info msg=" --enable-wireguard-userspace-fallback='false'" subsys=daemon level=info msg=" --enable-xdp-prefilter='false'" subsys=daemon level=info msg=" --enable-xt-socket-fallback='true'" subsys=daemon level=info msg=" --encrypt-interface=''" subsys=daemon level=info msg=" --encrypt-node='false'" subsys=daemon level=info msg=" --endpoint-gc-interval='5m0s'" subsys=daemon level=info msg=" --endpoint-queue-size='25'" subsys=daemon level=info msg=" --endpoint-status=''" subsys=daemon level=info msg=" --envoy-config-timeout='2m0s'" subsys=daemon level=info msg=" --envoy-log=''" subsys=daemon level=info msg=" --exclude-local-address=''" subsys=daemon level=info msg=" --external-envoy-proxy='false'" subsys=daemon level=info msg=" --fixed-identity-mapping=''" subsys=daemon level=info msg=" --fqdn-regex-compile-lru-size='1024'" subsys=daemon level=info msg=" --gops-port='9890'" subsys=daemon level=info msg=" --http-403-msg=''" subsys=daemon level=info msg=" --http-idle-timeout='0'" subsys=daemon level=info msg=" --http-max-grpc-timeout='0'" subsys=daemon level=info msg=" --http-normalize-path='true'" subsys=daemon level=info msg=" --http-request-timeout='3600'" subsys=daemon level=info msg=" --http-retry-count='3'" subsys=daemon level=info msg=" --http-retry-timeout='0'" subsys=daemon level=info msg=" --hubble-disable-tls='false'" subsys=daemon level=info msg=" --hubble-event-buffer-capacity='4095'" subsys=daemon level=info msg=" --hubble-event-queue-size='0'" subsys=daemon level=info msg=" --hubble-export-file-compress='false'" subsys=daemon level=info msg=" --hubble-export-file-max-backups='5'" subsys=daemon level=info msg=" --hubble-export-file-max-size-mb='10'" subsys=daemon level=info msg=" --hubble-export-file-path=''" subsys=daemon level=info msg=" --hubble-listen-address=''" subsys=daemon level=info msg=" --hubble-metrics=''" subsys=daemon level=info msg=" --hubble-metrics-server=''" subsys=daemon level=info msg=" --hubble-monitor-events=''" subsys=daemon level=info msg=" --hubble-prefer-ipv6='false'" subsys=daemon level=info msg=" --hubble-recorder-sink-queue-size='1024'" subsys=daemon level=info msg=" --hubble-recorder-storage-path='/var/run/cilium/pcaps'" subsys=daemon level=info msg=" --hubble-skip-unknown-cgroup-ids='true'" subsys=daemon level=info msg=" --hubble-socket-path='/var/run/cilium/hubble.sock'" subsys=daemon level=info msg=" --hubble-tls-cert-file=''" subsys=daemon level=info msg=" --hubble-tls-client-ca-files=''" subsys=daemon level=info msg=" --hubble-tls-key-file=''" subsys=daemon level=info msg=" --identity-allocation-mode='crd'" subsys=daemon level=info msg=" --identity-change-grace-period='5s'" subsys=daemon level=info msg=" --identity-gc-interval='15m0s'" subsys=daemon level=info msg=" --identity-heartbeat-timeout='30m0s'" subsys=daemon level=info msg=" --identity-restore-grace-period='10m0s'" subsys=daemon level=info msg=" --install-egress-gateway-routes='false'" subsys=daemon level=info msg=" --install-iptables-rules='true'" subsys=daemon level=info msg=" --install-no-conntrack-iptables-rules='false'" subsys=daemon level=info msg=" --ip-allocation-timeout='2m0s'" subsys=daemon level=info msg=" --ip-masq-agent-config-path='/etc/config/ip-masq-agent'" subsys=daemon level=info msg=" --ipam='cluster-pool'" subsys=daemon level=info msg=" --ipam-cilium-node-update-rate='15s'" subsys=daemon level=info msg=" --ipam-multi-pool-pre-allocation='default=8'" subsys=daemon level=info msg=" --ipsec-key-file=''" subsys=daemon level=info msg=" --ipsec-key-rotation-duration='5m0s'" subsys=daemon level=info msg=" --iptables-lock-timeout='5s'" subsys=daemon level=info msg=" --iptables-random-fully='false'" subsys=daemon level=info msg=" --ipv4-native-routing-cidr=''" subsys=daemon level=info msg=" --ipv4-node='auto'" subsys=daemon level=info msg=" --ipv4-pod-subnets=''" subsys=daemon level=info msg=" --ipv4-range='auto'" subsys=daemon level=info msg=" --ipv4-service-loopback-address='169.254.42.1'" subsys=daemon level=info msg=" --ipv4-service-range='auto'" subsys=daemon level=info msg=" --ipv6-cluster-alloc-cidr='f00d::/64'" subsys=daemon level=info msg=" --ipv6-mcast-device=''" subsys=daemon level=info msg=" --ipv6-native-routing-cidr=''" subsys=daemon level=info msg=" --ipv6-node='auto'" subsys=daemon level=info msg=" --ipv6-pod-subnets=''" subsys=daemon level=info msg=" --ipv6-range='auto'" subsys=daemon level=info msg=" --ipv6-service-range='auto'" subsys=daemon level=info msg=" --join-cluster='false'" subsys=daemon level=info msg=" --k8s-api-server=''" subsys=daemon level=info msg=" --k8s-client-burst='10'" subsys=daemon level=info msg=" --k8s-client-qps='5'" subsys=daemon level=info msg=" --k8s-heartbeat-timeout='30s'" subsys=daemon level=info msg=" --k8s-kubeconfig-path=''" subsys=daemon level=info msg=" --k8s-namespace='kube-system'" subsys=daemon level=info msg=" --k8s-require-ipv4-pod-cidr='false'" subsys=daemon level=info msg=" --k8s-require-ipv6-pod-cidr='false'" subsys=daemon level=info msg=" --k8s-service-cache-size='128'" subsys=daemon level=info msg=" --k8s-service-proxy-name=''" subsys=daemon level=info msg=" --k8s-sync-timeout='3m0s'" subsys=daemon level=info msg=" --k8s-watcher-endpoint-selector='metadata.name!=kube-scheduler,metadata.name!=kube-controller-manager,metadata.name!=etcd-operator,metadata.name!=gcp-controller-manager'" subsys=daemon level=info msg=" --keep-config='false'" subsys=daemon level=info msg=" --kube-proxy-replacement='disabled'" subsys=daemon level=info msg=" --kube-proxy-replacement-healthz-bind-address=''" subsys=daemon level=info msg=" --kvstore=''" subsys=daemon level=info msg=" --kvstore-connectivity-timeout='2m0s'" subsys=daemon level=info msg=" --kvstore-lease-ttl='15m0s'" subsys=daemon level=info msg=" --kvstore-max-consecutive-quorum-errors='2'" subsys=daemon level=info msg=" --kvstore-opt=''" subsys=daemon level=info msg=" --kvstore-periodic-sync='5m0s'" subsys=daemon level=info msg=" --l2-announcements-lease-duration='15s'" subsys=daemon level=info msg=" --l2-announcements-renew-deadline='5s'" subsys=daemon level=info msg=" --l2-announcements-retry-period='2s'" subsys=daemon level=info msg=" --l2-pod-announcements-interface=''" subsys=daemon level=info msg=" --label-prefix-file=''" subsys=daemon level=info msg=" --labels=''" subsys=daemon level=info msg=" --lib-dir='/var/lib/cilium'" subsys=daemon level=info msg=" --local-max-addr-scope='252'" subsys=daemon level=info msg=" --local-router-ipv4=''" subsys=daemon level=info msg=" --local-router-ipv6=''" subsys=daemon level=info msg=" --log-driver=''" subsys=daemon level=info msg=" --log-opt=''" subsys=daemon level=info msg=" --log-system-load='false'" subsys=daemon level=info msg=" --max-controller-interval='0'" subsys=daemon level=info msg=" --mesh-auth-enabled='true'" subsys=daemon level=info msg=" --mesh-auth-gc-interval='5m0s'" subsys=daemon level=info msg=" --mesh-auth-mutual-listener-port='0'" subsys=daemon level=info msg=" --mesh-auth-queue-size='1024'" subsys=daemon level=info msg=" --mesh-auth-rotated-identities-queue-size='1024'" subsys=daemon level=info msg=" --mesh-auth-signal-backoff-duration='1s'" subsys=daemon level=info msg=" --mesh-auth-spiffe-trust-domain='spiffe.cilium'" subsys=daemon level=info msg=" --mesh-auth-spire-admin-socket=''" subsys=daemon level=info msg=" --metrics=''" subsys=daemon level=info msg=" --mke-cgroup-mount=''" subsys=daemon level=info msg=" --monitor-aggregation='medium'" subsys=daemon level=info msg=" --monitor-aggregation-flags='all'" subsys=daemon level=info msg=" --monitor-aggregation-interval='5s'" subsys=daemon level=info msg=" --monitor-queue-size='0'" subsys=daemon level=info msg=" --mtu='0'" subsys=daemon level=info msg=" --node-encryption-opt-out-labels='node-role.kubernetes.io/control-plane'" subsys=daemon level=info msg=" --node-port-acceleration='disabled'" subsys=daemon level=info msg=" --node-port-algorithm='random'" subsys=daemon level=info msg=" --node-port-bind-protection='true'" subsys=daemon level=info msg=" --node-port-mode='snat'" subsys=daemon level=info msg=" --node-port-range='30000,32767'" subsys=daemon level=info msg=" --nodes-gc-interval='5m0s'" subsys=daemon level=info msg=" --operator-api-serve-addr='127.0.0.1:9234'" subsys=daemon level=info msg=" --policy-audit-mode='false'" subsys=daemon level=info msg=" --policy-queue-size='100'" subsys=daemon level=info msg=" --policy-trigger-interval='1s'" subsys=daemon level=info msg=" --pprof='false'" subsys=daemon level=info msg=" --pprof-address='localhost'" subsys=daemon level=info msg=" --pprof-port='6060'" subsys=daemon level=info msg=" --preallocate-bpf-maps='false'" subsys=daemon level=info msg=" --prepend-iptables-chains='true'" subsys=daemon level=info msg=" --procfs='/host/proc'" subsys=daemon level=info msg=" --prometheus-serve-addr=':9962'" subsys=daemon level=info msg=" --proxy-connect-timeout='2'" subsys=daemon level=info msg=" --proxy-gid='1337'" subsys=daemon level=info msg=" --proxy-idle-timeout-seconds='60'" subsys=daemon level=info msg=" --proxy-max-connection-duration-seconds='0'" subsys=daemon level=info msg=" --proxy-max-requests-per-connection='0'" subsys=daemon level=info msg=" --proxy-prometheus-port='9964'" subsys=daemon level=info msg=" --read-cni-conf=''" subsys=daemon level=info msg=" --remove-cilium-node-taints='true'" subsys=daemon level=info msg=" --restore='true'" subsys=daemon level=info msg=" --route-metric='0'" subsys=daemon level=info msg=" --routing-mode='tunnel'" subsys=daemon level=info msg=" --set-cilium-is-up-condition='true'" subsys=daemon level=info msg=" --set-cilium-node-taints='true'" subsys=daemon level=info msg=" --sidecar-istio-proxy-image='cilium/istio_proxy'" subsys=daemon level=info msg=" --single-cluster-route='false'" subsys=daemon level=info msg=" --skip-cnp-status-startup-clean='false'" subsys=daemon level=info msg=" --socket-path='/var/run/cilium/cilium.sock'" subsys=daemon level=info msg=" --srv6-encap-mode='reduced'" subsys=daemon level=info msg=" --state-dir='/var/run/cilium'" subsys=daemon level=info msg=" --synchronize-k8s-nodes='true'" subsys=daemon level=info msg=" --tofqdns-dns-reject-response-code='refused'" subsys=daemon level=info msg=" --tofqdns-enable-dns-compression='true'" subsys=daemon level=info msg=" --tofqdns-endpoint-max-ip-per-hostname='50'" subsys=daemon level=info msg=" --tofqdns-idle-connection-grace-period='0s'" subsys=daemon level=info msg=" --tofqdns-max-deferred-connection-deletes='10000'" subsys=daemon level=info msg=" --tofqdns-min-ttl='0'" subsys=daemon level=info msg=" --tofqdns-pre-cache=''" subsys=daemon level=info msg=" --tofqdns-proxy-port='0'" subsys=daemon level=info msg=" --tofqdns-proxy-response-max-delay='100ms'" subsys=daemon level=info msg=" --trace-payloadlen='128'" subsys=daemon level=info msg=" --trace-sock='true'" subsys=daemon level=info msg=" --tunnel=''" subsys=daemon level=info msg=" --tunnel-port='6082'" subsys=daemon level=info msg=" --tunnel-protocol='geneve'" subsys=daemon level=info msg=" --unmanaged-pod-watcher-interval='15'" subsys=daemon level=info msg=" --use-cilium-internal-ip-for-ipsec='false'" subsys=daemon level=info msg=" --version='false'" subsys=daemon level=info msg=" --vlan-bpf-bypass=''" subsys=daemon level=info msg=" --vtep-cidr=''" subsys=daemon level=info msg=" --vtep-endpoint=''" subsys=daemon level=info msg=" --vtep-mac=''" subsys=daemon level=info msg=" --vtep-mask=''" subsys=daemon level=info msg=" --wireguard-encapsulate='false'" subsys=daemon level=info msg=" --write-cni-conf-when-ready='/host/etc/cni/net.d/05-cilium.conflist'" subsys=daemon level=info msg=" _ _ _" subsys=daemon level=info msg=" ___|_| |_|_ _ _____" subsys=daemon level=info msg="| _| | | | | | |" subsys=daemon level=info msg="|___|_|_|_|___|_|_|_|" subsys=daemon level=info msg="Cilium 1.14.8 cf6e022e 2024-03-13T12:23:35-04:00 go version go1.21.8 linux/amd64" subsys=daemon level=info msg="clang (10.0.0) and kernel (5.15.0) versions: OK!" subsys=linux-datapath level=info msg="linking environment: OK!" subsys=linux-datapath level=info msg="Kernel config file not found: if the agent fails to start, check the system requirements at https://docs.cilium.io/en/stable/operations/system_requirements" subsys=probes level=info msg="Detected mounted BPF filesystem at /sys/fs/bpf" subsys=bpf level=info msg="Mounted cgroupv2 filesystem at /run/cilium/cgroupv2" subsys=cgroups level=info msg="Parsing base label prefixes from default label list" subsys=labels-filter level=info msg="Parsing additional label prefixes from user inputs: []" subsys=labels-filter level=info msg="Final label prefixes to be used for identity evaluation:" subsys=labels-filter level=info msg=" - reserved:.*" subsys=labels-filter level=info msg=" - :io\\.kubernetes\\.pod\\.namespace" subsys=labels-filter level=info msg=" - :io\\.cilium\\.k8s\\.namespace\\.labels" subsys=labels-filter level=info msg=" - :app\\.kubernetes\\.io" subsys=labels-filter level=info msg=" - !:io\\.kubernetes" subsys=labels-filter level=info msg=" - !:kubernetes\\.io" subsys=labels-filter level=info msg=" - !:.*beta\\.kubernetes\\.io" subsys=labels-filter level=info msg=" - !:k8s\\.io" subsys=labels-filter level=info msg=" - !:pod-template-generation" subsys=labels-filter level=info msg=" - !:pod-template-hash" subsys=labels-filter level=info msg=" - !:controller-revision-hash" subsys=labels-filter level=info msg=" - !:annotation.*" subsys=labels-filter level=info msg=" - !:etcd_node" subsys=labels-filter level=info msg=Invoked duration=1.042271ms function="pprof.glob..func1 (cell.go:50)" subsys=hive level=info msg=Invoked duration="62.032µs" function="gops.registerGopsHooks (cell.go:38)" subsys=hive level=info msg=Invoked duration=1.210565ms function="metrics.NewRegistry (registry.go:65)" subsys=hive level=info msg=Invoked duration="12.011µs" function="metrics.glob..func1 (cell.go:12)" subsys=hive level=info msg="Spire Delegate API Client is disabled as no socket path is configured" subsys=spire-delegate level=info msg="Mutual authentication handler is disabled as no port is configured" subsys=auth level=info msg=Invoked duration=92.704443ms function="cmd.glob..func4 (daemon_main.go:1607)" subsys=hive level=info msg=Invoked duration="10.07µs" function="gc.registerSignalHandler (cell.go:47)" subsys=hive level=info msg=Invoked duration="14.341µs" function="utime.initUtimeSync (cell.go:29)" subsys=hive level=info msg=Invoked duration="46.231µs" function="agentliveness.newAgentLivenessUpdater (agent_liveness.go:43)" subsys=hive level=info msg=Invoked duration="47.681µs" function="l2responder.NewL2ResponderReconciler (l2responder.go:63)" subsys=hive level=info msg=Invoked duration="53.631µs" function="garp.newGARPProcessor (processor.go:27)" subsys=hive level=info msg=Starting subsys=hive level=info msg="Started gops server" address="127.0.0.1:9890" subsys=gops level=info msg="Start hook executed" duration="414.918µs" function="gops.registerGopsHooks.func1 (cell.go:43)" subsys=hive level=info msg="Start hook executed" duration="1.35µs" function="metrics.NewRegistry.func1 (registry.go:86)" subsys=hive level=info msg="Establishing connection to apiserver" host="https://10.96.0.1:443" subsys=k8s-client level=info msg="Serving prometheus metrics on :9962" subsys=metrics level=info msg="Connected to apiserver" subsys=k8s-client level=info msg="Start hook executed" duration=10.783185ms function="client.(*compositeClientset).onStart" subsys=hive level=info msg="Start hook executed" duration=7.371384ms function="authmap.newAuthMap.func1 (cell.go:27)" subsys=hive level=info msg="Start hook executed" duration="58.672µs" function="configmap.newMap.func1 (cell.go:23)" subsys=hive level=info msg="Start hook executed" duration="55.561µs" function="signalmap.newMap.func1 (cell.go:44)" subsys=hive level=info msg="Start hook executed" duration="310.927µs" function="nodemap.newNodeMap.func1 (cell.go:23)" subsys=hive level=info msg="Start hook executed" duration="115.873µs" function="eventsmap.newEventsMap.func1 (cell.go:35)" subsys=hive level=info msg="Start hook executed" duration="71.771µs" function="*cni.cniConfigManager.Start" subsys=hive level=info msg="Generating CNI configuration file with mode none" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Wrote CNI configuration file to /host/etc/cni/net.d/05-cilium.conflist" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Generating CNI configuration file with mode none" subsys=cni-config level=info msg="Start hook executed" duration=39.459272ms function="datapath.newDatapath.func1 (cells.go:113)" subsys=hive level=info msg="Restored 0 node IDs from the BPF map" subsys=linux-datapath level=info msg="Start hook executed" duration="80.472µs" function="datapath.newDatapath.func2 (cells.go:126)" subsys=hive level=info msg="Start hook executed" duration="5.17µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Node].Start" subsys=hive level=info msg="Start hook executed" duration="1.67µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2.CiliumNode].Start" subsys=hive level=info msg="Using autogenerated IPv4 allocation range" subsys=node v4Prefix=10.38.0.0/16 level=info msg="no local ciliumnode found, will not restore cilium internal ips from k8s" subsys=daemon level=info msg="Start hook executed" duration=103.517788ms function="node.NewLocalNodeStore.func1 (local_node_store.go:76)" subsys=hive level=info msg="Start hook executed" duration="3.79µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Service].Start" subsys=hive level=info msg="Start hook executed" duration=100.389813ms function="*manager.diffStore[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Service].Start" subsys=hive level=info msg="Start hook executed" duration="3.75µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s.Endpoints].Start" subsys=hive level=info msg="Using discoveryv1.EndpointSlice" subsys=k8s level=info msg="Start hook executed" duration=101.024043ms function="*manager.diffStore[*github.com/cilium/cilium/pkg/k8s.Endpoints].Start" subsys=hive level=info msg="Start hook executed" duration="3.16µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Pod].Start" subsys=hive level=info msg="Start hook executed" duration="1.27µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Namespace].Start" subsys=hive level=info msg="Start hook executed" duration="1.09µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2.CiliumNetworkPolicy].Start" subsys=hive level=info msg="Start hook executed" duration="1.03µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2.CiliumClusterwideNetworkPolicy].Start" subsys=hive level=info msg="Start hook executed" duration="2.86µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1.CiliumCIDRGroup].Start" subsys=hive level=info msg="Start hook executed" duration="23.291µs" function="endpointmanager.newDefaultEndpointManager.func1 (cell.go:203)" subsys=hive level=info msg="Start hook executed" duration="10.15µs" function="cmd.newPolicyTrifecta.func1 (policy.go:135)" subsys=hive level=info msg="Start hook executed" duration="57.301µs" function="*manager.manager.Start" subsys=hive level=info msg="Serving cilium node monitor v1.2 API at unix:///var/run/cilium/monitor1_2.sock" subsys=monitor-agent level=info msg="Start hook executed" duration="224.045µs" function="agent.newMonitorAgent.func1 (cell.go:61)" subsys=hive level=info msg="Start hook executed" duration="1.28µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1.CiliumL2AnnouncementPolicy].Start" subsys=hive level=info msg="Start hook executed" duration="5.01µs" function="*job.group.Start" subsys=hive level=info msg="Start hook executed" duration="143.153µs" function="proxy.newProxy.func1 (cell.go:55)" subsys=hive level=info msg="Envoy: Starting xDS gRPC server listening on /var/run/cilium/envoy/sockets/xds.sock" subsys=envoy-manager level=info msg="Start hook executed" duration="352.157µs" function="signal.provideSignalManager.func1 (cell.go:25)" subsys=hive level=info msg="Datapath signal listener running" subsys=signal level=info msg="Start hook executed" duration=1.006332ms function="auth.registerAuthManager.func1 (cell.go:109)" subsys=hive level=info msg="Start hook executed" duration="3.131µs" function="auth.registerGCJobs.func1 (cell.go:158)" subsys=hive level=info msg="Start hook executed" duration="17.07µs" function="*job.group.Start" subsys=hive level=warning msg="Deprecated value for --kube-proxy-replacement: disabled (use either \"true\", or \"false\")" subsys=daemon level=info msg="Auto-disabling \"enable-node-port\", \"enable-external-ips\", \"bpf-lb-sock\", \"enable-host-port\" features and falling back to \"enable-host-legacy-routing\"" subsys=daemon level=info msg="Inheriting MTU from external network interface" device=ens3 ipAddr=199.204.45.38 mtu=1500 subsys=mtu level=info msg="Removed map pin at /sys/fs/bpf/tc/globals/cilium_ipcache, recreating and re-pinning map cilium_ipcache" file-path=/sys/fs/bpf/tc/globals/cilium_ipcache name=cilium_ipcache subsys=bpf level=info msg="Removed map pin at /sys/fs/bpf/tc/globals/cilium_tunnel_map, recreating and re-pinning map cilium_tunnel_map" file-path=/sys/fs/bpf/tc/globals/cilium_tunnel_map name=cilium_tunnel_map subsys=bpf level=info msg="Restored services from maps" failedServices=0 restoredServices=0 subsys=service level=info msg="Restored backends from maps" failedBackends=0 restoredBackends=0 skippedBackends=0 subsys=service level=info msg="Reading old endpoints..." subsys=daemon level=info msg="No old endpoints found." subsys=daemon level=info msg="Waiting until all Cilium CRDs are available" subsys=k8s level=info msg="All Cilium CRDs have been found and are available" subsys=k8s level=info msg="Creating or updating CiliumNode resource" node=instance subsys=nodediscovery level=info msg="Creating or updating CiliumNode resource" node=instance subsys=nodediscovery level=warning msg="Unable to get node resource" error="ciliumnodes.cilium.io \"instance\" not found" subsys=nodediscovery level=warning msg="Unable to get node resource" error="ciliumnodes.cilium.io \"instance\" not found" subsys=nodediscovery level=info msg="Successfully created CiliumNode resource" subsys=nodediscovery level=warning msg="Unable to create CiliumNode resource, will retry" error="ciliumnodes.cilium.io \"instance\" already exists" subsys=nodediscovery level=info msg="Retrieved node information from cilium node" nodeName=instance subsys=k8s level=warning msg="Waiting for k8s node information" error="required IPv4 PodCIDR not available" subsys=k8s level=info msg="Retrieved node information from cilium node" nodeName=instance subsys=k8s level=info msg="Received own node information from API server" ipAddr.ipv4=199.204.45.38 ipAddr.ipv6="" k8sNodeIP=199.204.45.38 labels="map[beta.kubernetes.io/arch:amd64 beta.kubernetes.io/os:linux kubernetes.io/arch:amd64 kubernetes.io/hostname:instance kubernetes.io/os:linux node-role.kubernetes.io/control-plane: node.kubernetes.io/exclude-from-external-load-balancers:]" nodeName=instance subsys=k8s v4Prefix=10.0.0.0/24 v6Prefix="" level=info msg="k8s mode: Allowing localhost to reach local endpoints" subsys=daemon level=info msg="Detected devices" devices="[]" subsys=linux-datapath level=info msg="Enabling k8s event listener" subsys=k8s-watcher level=info msg="Removing stale endpoint interfaces" subsys=daemon level=info msg="Skipping kvstore configuration" subsys=daemon level=info msg="Initializing node addressing" subsys=daemon level=info msg="Waiting until local node addressing before starting watchers depending on it" subsys=k8s-watcher level=info msg="Initializing cluster-pool IPAM" subsys=ipam v4Prefix=10.0.0.0/24 v6Prefix="" level=info msg="Restoring endpoints..." subsys=daemon level=info msg="Endpoints restored" failed=0 restored=0 subsys=daemon level=info msg="Addressing information:" subsys=daemon level=info msg=" Cluster-Name: default" subsys=daemon level=info msg=" Cluster-ID: 0" subsys=daemon level=info msg=" Local node-name: instance" subsys=daemon level=info msg=" Node-IPv6: " subsys=daemon level=info msg=" External-Node IPv4: 199.204.45.38" subsys=daemon level=info msg=" Internal-Node IPv4: 10.0.0.84" subsys=daemon level=info msg=" IPv4 allocation prefix: 10.0.0.0/24" subsys=daemon level=info msg=" Loopback IPv4: 169.254.42.1" subsys=daemon level=info msg=" Local IPv4 addresses:" subsys=daemon level=info msg=" - 199.204.45.38" subsys=daemon level=info msg=" - 172.17.0.100" subsys=daemon level=info msg="Node updated" clusterName=default nodeName=instance subsys=nodemanager level=info msg="Adding local node to cluster" node="{instance default [{InternalIP 199.204.45.38} {CiliumInternalIP 10.0.0.84}] 10.0.0.0/24 [] [] 10.0.0.22 0 local 0 map[beta.kubernetes.io/arch:amd64 beta.kubernetes.io/os:linux kubernetes.io/arch:amd64 kubernetes.io/hostname:instance kubernetes.io/os:linux node-role.kubernetes.io/control-plane: node.kubernetes.io/exclude-from-external-load-balancers:] map[] 1 }" subsys=nodediscovery level=info msg="Creating or updating CiliumNode resource" node=instance subsys=nodediscovery level=info msg="Waiting until all pre-existing resources have been received" subsys=k8s-watcher level=info msg="Initializing identity allocator" subsys=identity-cache level=info msg="Allocating identities between range" cluster-id=0 max=65535 min=256 subsys=identity-cache level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.forwarding sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.rp_filter sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.accept_local sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.send_redirects sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.forwarding sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.rp_filter sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.accept_local sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.send_redirects sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.core.bpf_jit_enable sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.all.rp_filter sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.fib_multipath_use_neigh sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=kernel.unprivileged_bpf_disabled sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=kernel.timer_migration sysParamValue=0 level=info msg="Setting up BPF datapath" bpfClockSource=ktime bpfInsnSet="" subsys=datapath-loader level=info msg="Iptables rules installed" subsys=iptables level=info msg="Adding new proxy port rules for cilium-dns-egress:38301" id=cilium-dns-egress subsys=proxy level=info msg="Iptables proxy rules installed" subsys=iptables level=info msg="Start hook executed" duration=2.383767742s function="cmd.newDaemonPromise.func1 (daemon_main.go:1663)" subsys=hive level=info msg="Initializing daemon" subsys=daemon level=info msg="Validating configured node address ranges" subsys=daemon level=info msg="Starting connection tracking garbage collector" subsys=daemon level=info msg="Starting IP identity watcher" subsys=ipcache level=info msg="Start hook executed" duration="94.523µs" function="utime.initUtimeSync.func1 (cell.go:33)" subsys=hive level=info msg="Start hook executed" duration="89.422µs" function="*job.group.Start" subsys=hive level=info msg="Start hook executed" duration="202.624µs" function="l2respondermap.newMap.func1 (l2_responder_map4.go:44)" subsys=hive level=info msg="Start hook executed" duration="68.182µs" function="*job.group.Start" subsys=hive level=info msg="Initial scan of connection tracking completed" subsys=ct-gc level=info msg="Regenerating restored endpoints" numRestored=0 subsys=daemon level=info msg="Creating host endpoint" subsys=daemon level=info msg="Finished regenerating restored endpoints" regenerated=0 subsys=daemon total=0 level=info msg="Deleted orphan backends" orphanBackends=0 subsys=service level=info msg="New endpoint" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=520 ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=520 identityLabels="k8s:node-role.kubernetes.io/control-plane,k8s:node.kubernetes.io/exclude-from-external-load-balancers,reserved:host" ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="Identity of endpoint changed" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=520 identity=1 identityLabels="k8s:node-role.kubernetes.io/control-plane,k8s:node.kubernetes.io/exclude-from-external-load-balancers,reserved:host" ipv4= ipv6= k8sPodName=/ oldIdentity="no identity" subsys=endpoint level=info msg="Launching Cilium health daemon" subsys=daemon level=info msg="Launching Cilium health endpoint" subsys=daemon level=info msg="Started healthz status API server" address="127.0.0.1:9879" subsys=daemon level=info msg="Processing queued endpoint deletion requests from /var/run/cilium/deleteQueue" subsys=daemon level=info msg="processing 0 queued deletion requests" subsys=daemon level=info msg="Initializing Cilium API" subsys=daemon level=info msg="Daemon initialization completed" bootstrapTime=3.283310005s subsys=daemon level=info msg="Hubble server is disabled" subsys=hubble level=info msg="Serving cilium API at unix:///var/run/cilium/cilium.sock" subsys=daemon level=info msg="Compiled new BPF template" BPFCompilationTime=323.521233ms file-path=/var/run/cilium/state/templates/21aac6c08f01ccfe10b1f6ab7bf7edd75bb5916eda4d9efa018736abc7204294/bpf_host.o subsys=datapath-loader level=info msg="Create endpoint request" addressing="&{10.0.0.232 a353ca33-13e8-4965-ab6c-eb6e54462fe8 default }" containerID=db80022b2ba3192938d767d66eb9eb362d85964618a064f9ded0a0a2e78b2209 datapathConfiguration="&{false false false false false }" interface=lxcae122ee0bfb9 k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-dmjhl labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=db80022b2b datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3184 ipv4=10.0.0.232 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-dmjhl subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=db80022b2b datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3184 identityLabels="k8s:app=certgen,k8s:batch.kubernetes.io/controller-uid=41afd070-26ce-492c-a6ad-f43f009db4e1,k8s:batch.kubernetes.io/job-name=envoy-gateway-gateway-helm-certgen,k8s:controller-uid=41afd070-26ce-492c-a6ad-f43f009db4e1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system,k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway-gateway-helm-certgen,k8s:io.kubernetes.pod.namespace=envoy-gateway-system,k8s:job-name=envoy-gateway-gateway-helm-certgen" ipv4=10.0.0.232 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-dmjhl subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.135 02742152-285a-40e5-b6b5-492a126a328b default }" containerID=c3c71822e49dcc22b5eb59bc444707b7ff6bc6ee9e5ff97ca0378c1deaf38b94 datapathConfiguration="&{false false false false false }" interface=lxc144cddcad46f k8sPodName=kube-system/coredns-7c96b6546b-696n4 labels="[]" subsys=daemon sync-build=true level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:envoy-gateway-system k8s:io.cilium.k8s.namespace.labels.name:envoy-gateway-system]" subsys=crd-allocator level=info msg="New endpoint" containerID=c3c71822e4 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=464 ipv4=10.0.0.135 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-696n4 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=c3c71822e4 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=464 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.135 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-696n4 subsys=endpoint level=info msg="Allocated new global key" key="k8s:app=certgen;k8s:batch.kubernetes.io/controller-uid=41afd070-26ce-492c-a6ad-f43f009db4e1;k8s:batch.kubernetes.io/job-name=envoy-gateway-gateway-helm-certgen;k8s:controller-uid=41afd070-26ce-492c-a6ad-f43f009db4e1;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system;k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway-gateway-helm-certgen;k8s:io.kubernetes.pod.namespace=envoy-gateway-system;k8s:job-name=envoy-gateway-gateway-helm-certgen;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=db80022b2b datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3184 identity=40058 identityLabels="k8s:app=certgen,k8s:batch.kubernetes.io/controller-uid=41afd070-26ce-492c-a6ad-f43f009db4e1,k8s:batch.kubernetes.io/job-name=envoy-gateway-gateway-helm-certgen,k8s:controller-uid=41afd070-26ce-492c-a6ad-f43f009db4e1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system,k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway-gateway-helm-certgen,k8s:io.kubernetes.pod.namespace=envoy-gateway-system,k8s:job-name=envoy-gateway-gateway-helm-certgen" ipv4=10.0.0.232 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-dmjhl oldIdentity="no identity" subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:kube-system]" subsys=crd-allocator level=info msg="Waiting for endpoint to be generated" containerID=db80022b2b datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3184 identity=40058 ipv4=10.0.0.232 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-dmjhl subsys=endpoint level=info msg="Invalid state transition skipped" containerID=c3c71822e4 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=464 endpointState.from=waiting-for-identity endpointState.to=waiting-to-regenerate file=/go/src/github.com/cilium/cilium/pkg/endpoint/policy.go ipv4=10.0.0.135 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-696n4 line=611 subsys=endpoint level=info msg="Allocated new global key" key="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=coredns;k8s:io.kubernetes.pod.namespace=kube-system;k8s:k8s-app=kube-dns;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=c3c71822e4 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=464 identity=60218 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.135 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-696n4 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=c3c71822e4 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=464 identity=60218 ipv4=10.0.0.135 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-696n4 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID= datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=520 identity=1 ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="New endpoint" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1697 ipv4=10.0.0.22 ipv6= k8sPodName=/ subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1697 identityLabels="reserved:health" ipv4=10.0.0.22 ipv6= k8sPodName=/ subsys=endpoint level=info msg="Identity of endpoint changed" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1697 identity=4 identityLabels="reserved:health" ipv4=10.0.0.22 ipv6= k8sPodName=/ oldIdentity="no identity" subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Compiled new BPF template" BPFCompilationTime=1.145557334s file-path=/var/run/cilium/state/templates/ba8b504aca81a1e42bfcfceb11f33ff2e348ee061bdca1b5cb0bc39217c10c27/bpf_lxc.o subsys=datapath-loader level=info msg="Rewrote endpoint BPF program" containerID=c3c71822e4 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=464 identity=60218 ipv4=10.0.0.135 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-696n4 subsys=endpoint level=info msg="Successful endpoint creation" containerID=c3c71822e4 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=464 identity=60218 ipv4=10.0.0.135 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-696n4 subsys=daemon level=info msg="Rewrote endpoint BPF program" containerID= datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=1697 identity=4 ipv4=10.0.0.22 ipv6= k8sPodName=/ subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=db80022b2b datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=3184 identity=40058 ipv4=10.0.0.232 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-dmjhl subsys=endpoint level=info msg="Successful endpoint creation" containerID=db80022b2b datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=3184 identity=40058 ipv4=10.0.0.232 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-dmjhl subsys=daemon level=info msg="Serving cilium health API at unix:///var/run/cilium/health.sock" subsys=health-server level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=db80022b2b endpointID=3184 k8sNamespace=envoy-gateway-system k8sPodName=envoy-gateway-gateway-helm-certgen-dmjhl subsys=daemon level=info msg="Releasing key" key="[k8s:app=certgen k8s:batch.kubernetes.io/controller-uid=41afd070-26ce-492c-a6ad-f43f009db4e1 k8s:batch.kubernetes.io/job-name=envoy-gateway-gateway-helm-certgen k8s:controller-uid=41afd070-26ce-492c-a6ad-f43f009db4e1 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway-gateway-helm-certgen k8s:io.kubernetes.pod.namespace=envoy-gateway-system k8s:job-name=envoy-gateway-gateway-helm-certgen]" subsys=allocator level=info msg="Removed endpoint" containerID=db80022b2b datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=3184 identity=40058 ipv4=10.0.0.232 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-dmjhl subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.127 4e9e89f3-3926-4ba3-873d-115e2cfabed7 default }" containerID=6f7327a2ceb46c8dd9f6438986a5774a8b0ab63b8ea05c1db8bf90b588c4de2c datapathConfiguration="&{false false false false false }" interface=lxc21d4300c6f34 k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-nrxrz labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=6f7327a2ce datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=764 ipv4=10.0.0.127 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-nrxrz subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=6f7327a2ce datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=764 identityLabels="k8s:app.kubernetes.io/instance=envoy-gateway,k8s:app.kubernetes.io/name=gateway-helm,k8s:control-plane=envoy-gateway,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system,k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway,k8s:io.kubernetes.pod.namespace=envoy-gateway-system" ipv4=10.0.0.127 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-nrxrz subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:envoy-gateway-system k8s:io.cilium.k8s.namespace.labels.name:envoy-gateway-system]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/instance=envoy-gateway;k8s:app.kubernetes.io/name=gateway-helm;k8s:control-plane=envoy-gateway;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system;k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway;k8s:io.kubernetes.pod.namespace=envoy-gateway-system;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=6f7327a2ce datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=764 identity=7311 identityLabels="k8s:app.kubernetes.io/instance=envoy-gateway,k8s:app.kubernetes.io/name=gateway-helm,k8s:control-plane=envoy-gateway,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system,k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway,k8s:io.kubernetes.pod.namespace=envoy-gateway-system" ipv4=10.0.0.127 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-nrxrz oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=6f7327a2ce datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=764 identity=7311 ipv4=10.0.0.127 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-nrxrz subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=6f7327a2ce datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=764 identity=7311 ipv4=10.0.0.127 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-nrxrz subsys=endpoint level=info msg="Successful endpoint creation" containerID=6f7327a2ce datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=764 identity=7311 ipv4=10.0.0.127 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-nrxrz subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Resolving identity labels (blocking)" containerID= datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=520 identity=1 identityLabels="k8s:node-role.kubernetes.io/control-plane,k8s:node.kubernetes.io/exclude-from-external-load-balancers,k8s:openstack-compute-node=enabled,k8s:openstack-control-plane=enabled,k8s:openvswitch=enabled,reserved:host" ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="Creating or updating CiliumNode resource" node=instance subsys=nodediscovery level=info msg="Re-pinning map with ':pending' suffix" bpfMapName=cilium_calls_hostns_00520 bpfMapPath=/sys/fs/bpf/tc/globals/cilium_calls_hostns_00520 subsys=bpf level=info msg="Unpinning map after successful recreation" bpfMapName=cilium_calls_hostns_00520 bpfMapPath="/sys/fs/bpf/tc/globals/cilium_calls_hostns_00520:pending" subsys=bpf level=info msg="Re-pinning map with ':pending' suffix" bpfMapName=cilium_calls_netdev_00003 bpfMapPath=/sys/fs/bpf/tc/globals/cilium_calls_netdev_00003 subsys=bpf level=info msg="Unpinning map after successful recreation" bpfMapName=cilium_calls_netdev_00003 bpfMapPath="/sys/fs/bpf/tc/globals/cilium_calls_netdev_00003:pending" subsys=bpf level=info msg="Rewrote endpoint BPF program" containerID= datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=520 identity=1 ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.61 c66af3a2-bf8d-4eba-af6d-fda5a24c1f78 default }" containerID=185b1a73cce45dadb97562aef0fc19dbe6a18d1f89ed79cacaab9389184d0b87 datapathConfiguration="&{false false false false false }" interface=lxc292d9064d770 k8sPodName=kube-system/coredns-67659f764b-47svz labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=185b1a73cc datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=389 ipv4=10.0.0.61 ipv6= k8sPodName=kube-system/coredns-67659f764b-47svz subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=185b1a73cc datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=389 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.61 ipv6= k8sPodName=kube-system/coredns-67659f764b-47svz subsys=endpoint level=info msg="Identity of endpoint changed" containerID=185b1a73cc datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=389 identity=60218 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.61 ipv6= k8sPodName=kube-system/coredns-67659f764b-47svz oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=185b1a73cc datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=389 identity=60218 ipv4=10.0.0.61 ipv6= k8sPodName=kube-system/coredns-67659f764b-47svz subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.87 10956d3f-fe88-4e10-a57f-8af8831e7cb1 default }" containerID=77e98208a0248c74e9d89f2b772f779cfc9998e7111fcc0709b02521e8685c28 datapathConfiguration="&{false false false false false }" interface=lxca21e6afc9331 k8sPodName=kube-system/coredns-67659f764b-xm8v7 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=77e98208a0 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2582 ipv4=10.0.0.87 ipv6= k8sPodName=kube-system/coredns-67659f764b-xm8v7 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=77e98208a0 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2582 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.87 ipv6= k8sPodName=kube-system/coredns-67659f764b-xm8v7 subsys=endpoint level=info msg="Identity of endpoint changed" containerID=77e98208a0 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2582 identity=60218 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.87 ipv6= k8sPodName=kube-system/coredns-67659f764b-xm8v7 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=77e98208a0 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2582 identity=60218 ipv4=10.0.0.87 ipv6= k8sPodName=kube-system/coredns-67659f764b-xm8v7 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=185b1a73cc datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=389 identity=60218 ipv4=10.0.0.61 ipv6= k8sPodName=kube-system/coredns-67659f764b-47svz subsys=endpoint level=info msg="Successful endpoint creation" containerID=185b1a73cc datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=389 identity=60218 ipv4=10.0.0.61 ipv6= k8sPodName=kube-system/coredns-67659f764b-47svz subsys=daemon level=info msg="Rewrote endpoint BPF program" containerID=77e98208a0 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=2582 identity=60218 ipv4=10.0.0.87 ipv6= k8sPodName=kube-system/coredns-67659f764b-xm8v7 subsys=endpoint level=info msg="Successful endpoint creation" containerID=77e98208a0 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=2582 identity=60218 ipv4=10.0.0.87 ipv6= k8sPodName=kube-system/coredns-67659f764b-xm8v7 subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.245 e373b226-f502-4cbc-977e-f3a1dfe789c9 default }" containerID=d02751e4a38569bf6bff0338a5a280f42c9db8f38527ad4f19e46486bf042893 datapathConfiguration="&{false false false false false }" interface=lxc07e3f5c4851e k8sPodName=local-path-storage/local-path-provisioner-679c578f5-q5v5c labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=d02751e4a3 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=78 ipv4=10.0.0.245 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-q5v5c subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=d02751e4a3 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=78 identityLabels="k8s:app.kubernetes.io/instance=local-path-provisioner,k8s:app.kubernetes.io/name=local-path-provisioner,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage,k8s:io.cilium.k8s.namespace.labels.name=local-path-storage,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner,k8s:io.kubernetes.pod.namespace=local-path-storage" ipv4=10.0.0.245 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-q5v5c subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:local-path-storage k8s:io.cilium.k8s.namespace.labels.name:local-path-storage]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/instance=local-path-provisioner;k8s:app.kubernetes.io/name=local-path-provisioner;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage;k8s:io.cilium.k8s.namespace.labels.name=local-path-storage;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner;k8s:io.kubernetes.pod.namespace=local-path-storage;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=d02751e4a3 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=78 identity=22157 identityLabels="k8s:app.kubernetes.io/instance=local-path-provisioner,k8s:app.kubernetes.io/name=local-path-provisioner,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage,k8s:io.cilium.k8s.namespace.labels.name=local-path-storage,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner,k8s:io.kubernetes.pod.namespace=local-path-storage" ipv4=10.0.0.245 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-q5v5c oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=d02751e4a3 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=78 identity=22157 ipv4=10.0.0.245 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-q5v5c subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=d02751e4a3 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=78 identity=22157 ipv4=10.0.0.245 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-q5v5c subsys=endpoint level=info msg="Successful endpoint creation" containerID=d02751e4a3 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=78 identity=22157 ipv4=10.0.0.245 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-q5v5c subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=c3c71822e4 endpointID=464 k8sNamespace=kube-system k8sPodName=coredns-7c96b6546b-696n4 subsys=daemon level=info msg="Releasing key" key="[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=coredns k8s:io.kubernetes.pod.namespace=kube-system k8s:k8s-app=kube-dns]" subsys=allocator level=info msg="Removed endpoint" containerID=c3c71822e4 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=464 identity=60218 ipv4=10.0.0.135 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-696n4 subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.21 05b78c7a-e524-4bae-ab70-d836586a852c default }" containerID=ebdfa1c4ff62b4b90bc4c4810203bc0ed89173b5f22da33e157a4b4ce73878c0 datapathConfiguration="&{false false false false false }" interface=lxc8bb118d5899a k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-rsq25 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=ebdfa1c4ff datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2809 ipv4=10.0.0.21 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-rsq25 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=ebdfa1c4ff datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2809 identityLabels="k8s:app.kubernetes.io/component=cainjector,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=cainjector,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=cainjector,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-cainjector,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.21 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-rsq25 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:cert-manager k8s:io.cilium.k8s.namespace.labels.name:cert-manager]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app=cainjector;k8s:app.kubernetes.io/component=cainjector;k8s:app.kubernetes.io/instance=cert-manager;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=cainjector;k8s:app.kubernetes.io/version=v1.11.5;k8s:helm.sh/chart=cert-manager-v1.11.5;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager;k8s:io.cilium.k8s.namespace.labels.name=cert-manager;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-cainjector;k8s:io.kubernetes.pod.namespace=cert-manager;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=ebdfa1c4ff datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2809 identity=27006 identityLabels="k8s:app.kubernetes.io/component=cainjector,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=cainjector,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=cainjector,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-cainjector,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.21 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-rsq25 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=ebdfa1c4ff datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2809 identity=27006 ipv4=10.0.0.21 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-rsq25 subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=ebdfa1c4ff datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=2809 identity=27006 ipv4=10.0.0.21 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-rsq25 subsys=endpoint level=info msg="Successful endpoint creation" containerID=ebdfa1c4ff datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=2809 identity=27006 ipv4=10.0.0.21 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-rsq25 subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.23 1655d091-8db8-4c5b-a9cc-456a4bad328f default }" containerID=c7e68818330aeee597de66fb90c5ffc7df5a97ee14e845fa3871cbdadb59ce1e datapathConfiguration="&{false false false false false }" interface=lxc46b8a6f82a59 k8sPodName=cert-manager/cert-manager-webhook-548949fc64-fjg8s labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=c7e6881833 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2011 ipv4=10.0.0.23 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-fjg8s subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=c7e6881833 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2011 identityLabels="k8s:app.kubernetes.io/component=webhook,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=webhook,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=webhook,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-webhook,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.23 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-fjg8s subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:cert-manager k8s:io.cilium.k8s.namespace.labels.name:cert-manager]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app=webhook;k8s:app.kubernetes.io/component=webhook;k8s:app.kubernetes.io/instance=cert-manager;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=webhook;k8s:app.kubernetes.io/version=v1.11.5;k8s:helm.sh/chart=cert-manager-v1.11.5;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager;k8s:io.cilium.k8s.namespace.labels.name=cert-manager;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-webhook;k8s:io.kubernetes.pod.namespace=cert-manager;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=c7e6881833 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2011 identity=65261 identityLabels="k8s:app.kubernetes.io/component=webhook,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=webhook,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=webhook,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-webhook,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.23 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-fjg8s oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=c7e6881833 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2011 identity=65261 ipv4=10.0.0.23 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-fjg8s subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.202 859e51da-bbd1-46d7-ae95-031f0a11e819 default }" containerID=f1162e432614b2e6984d0cd905ea97c00a8952a4141bc78b0c4a0f0ef98c68c6 datapathConfiguration="&{false false false false false }" interface=lxccd3c4540b97a k8sPodName=cert-manager/cert-manager-75c4c745bc-z99h6 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=f1162e4326 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=30 ipv4=10.0.0.202 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-z99h6 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=f1162e4326 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=30 identityLabels="k8s:app.kubernetes.io/component=controller,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=cert-manager,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=cert-manager,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.202 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-z99h6 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:cert-manager k8s:io.cilium.k8s.namespace.labels.name:cert-manager]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app=cert-manager;k8s:app.kubernetes.io/component=controller;k8s:app.kubernetes.io/instance=cert-manager;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=cert-manager;k8s:app.kubernetes.io/version=v1.11.5;k8s:helm.sh/chart=cert-manager-v1.11.5;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager;k8s:io.cilium.k8s.namespace.labels.name=cert-manager;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=cert-manager;k8s:io.kubernetes.pod.namespace=cert-manager;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=f1162e4326 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=30 identity=2691 identityLabels="k8s:app.kubernetes.io/component=controller,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=cert-manager,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=cert-manager,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.202 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-z99h6 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=f1162e4326 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=30 identity=2691 ipv4=10.0.0.202 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-z99h6 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=c7e6881833 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=2011 identity=65261 ipv4=10.0.0.23 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-fjg8s subsys=endpoint level=info msg="Successful endpoint creation" containerID=c7e6881833 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=2011 identity=65261 ipv4=10.0.0.23 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-fjg8s subsys=daemon level=info msg="Rewrote endpoint BPF program" containerID=f1162e4326 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=30 identity=2691 ipv4=10.0.0.202 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-z99h6 subsys=endpoint level=info msg="Successful endpoint creation" containerID=f1162e4326 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=30 identity=2691 ipv4=10.0.0.202 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-z99h6 subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Create endpoint request" addressing="&{10.0.0.73 288e7ffb-000b-49b3-a5ee-178248899fb5 default }" containerID=71c872249bbc6ccd0ef65091223afd9a18c11c5017e96a7596cdc3d03139384d datapathConfiguration="&{false false false false false }" interface=lxcf037cd20e92f k8sPodName=cert-manager/cert-manager-startupapicheck-xhqns labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=71c872249b datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3822 ipv4=10.0.0.73 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-xhqns subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=71c872249b datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3822 identityLabels="k8s:app.kubernetes.io/component=startupapicheck,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=startupapicheck,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=startupapicheck,k8s:batch.kubernetes.io/controller-uid=e840b573-c1a5-405e-8e8d-2e9b384232dd,k8s:batch.kubernetes.io/job-name=cert-manager-startupapicheck,k8s:controller-uid=e840b573-c1a5-405e-8e8d-2e9b384232dd,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-startupapicheck,k8s:io.kubernetes.pod.namespace=cert-manager,k8s:job-name=cert-manager-startupapicheck" ipv4=10.0.0.73 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-xhqns subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:cert-manager k8s:io.cilium.k8s.namespace.labels.name:cert-manager]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app=startupapicheck;k8s:app.kubernetes.io/component=startupapicheck;k8s:app.kubernetes.io/instance=cert-manager;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=startupapicheck;k8s:app.kubernetes.io/version=v1.11.5;k8s:batch.kubernetes.io/controller-uid=e840b573-c1a5-405e-8e8d-2e9b384232dd;k8s:batch.kubernetes.io/job-name=cert-manager-startupapicheck;k8s:controller-uid=e840b573-c1a5-405e-8e8d-2e9b384232dd;k8s:helm.sh/chart=cert-manager-v1.11.5;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager;k8s:io.cilium.k8s.namespace.labels.name=cert-manager;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-startupapicheck;k8s:io.kubernetes.pod.namespace=cert-manager;k8s:job-name=cert-manager-startupapicheck;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=71c872249b datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3822 identity=15466 identityLabels="k8s:app.kubernetes.io/component=startupapicheck,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=startupapicheck,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=startupapicheck,k8s:batch.kubernetes.io/controller-uid=e840b573-c1a5-405e-8e8d-2e9b384232dd,k8s:batch.kubernetes.io/job-name=cert-manager-startupapicheck,k8s:controller-uid=e840b573-c1a5-405e-8e8d-2e9b384232dd,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-startupapicheck,k8s:io.kubernetes.pod.namespace=cert-manager,k8s:job-name=cert-manager-startupapicheck" ipv4=10.0.0.73 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-xhqns oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=71c872249b datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3822 identity=15466 ipv4=10.0.0.73 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-xhqns subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=71c872249b datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=3822 identity=15466 ipv4=10.0.0.73 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-xhqns subsys=endpoint level=info msg="Successful endpoint creation" containerID=71c872249b datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=3822 identity=15466 ipv4=10.0.0.73 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-xhqns subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=71c872249b endpointID=3822 k8sNamespace=cert-manager k8sPodName=cert-manager-startupapicheck-xhqns subsys=daemon level=info msg="Releasing key" key="[k8s:app=startupapicheck k8s:app.kubernetes.io/component=startupapicheck k8s:app.kubernetes.io/instance=cert-manager k8s:app.kubernetes.io/managed-by=Helm k8s:app.kubernetes.io/name=startupapicheck k8s:app.kubernetes.io/version=v1.11.5 k8s:batch.kubernetes.io/controller-uid=e840b573-c1a5-405e-8e8d-2e9b384232dd k8s:batch.kubernetes.io/job-name=cert-manager-startupapicheck k8s:controller-uid=e840b573-c1a5-405e-8e8d-2e9b384232dd k8s:helm.sh/chart=cert-manager-v1.11.5 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager k8s:io.cilium.k8s.namespace.labels.name=cert-manager k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-startupapicheck k8s:io.kubernetes.pod.namespace=cert-manager k8s:job-name=cert-manager-startupapicheck]" subsys=allocator level=info msg="Removed endpoint" containerID=71c872249b datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=3822 identity=15466 ipv4=10.0.0.73 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-xhqns subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.180 c953d4d0-da2a-4c17-8324-8264c3ff57f8 default }" containerID=548ca8f4803b6b4619ec5917f3851517cf07638913d6ed0219c0622021954bb6 datapathConfiguration="&{false false false false false }" interface=lxc63c29a9438a1 k8sPodName=ingress-nginx/ingress-nginx-admission-create-r5xfg labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=548ca8f480 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=317 ipv4=10.0.0.180 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-r5xfg subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=548ca8f480 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=317 identityLabels="k8s:app.kubernetes.io/component=admission-webhook,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:batch.kubernetes.io/controller-uid=6861a6df-9900-4fea-9122-7b05d34e0c2b,k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-create,k8s:controller-uid=6861a6df-9900-4fea-9122-7b05d34e0c2b,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission,k8s:io.kubernetes.pod.namespace=ingress-nginx,k8s:job-name=ingress-nginx-admission-create" ipv4=10.0.0.180 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-r5xfg subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:ingress-nginx k8s:io.cilium.k8s.namespace.labels.name:ingress-nginx]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=admission-webhook;k8s:app.kubernetes.io/instance=ingress-nginx;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=ingress-nginx;k8s:app.kubernetes.io/part-of=ingress-nginx;k8s:app.kubernetes.io/version=1.12.1;k8s:batch.kubernetes.io/controller-uid=6861a6df-9900-4fea-9122-7b05d34e0c2b;k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-create;k8s:controller-uid=6861a6df-9900-4fea-9122-7b05d34e0c2b;k8s:helm.sh/chart=ingress-nginx-4.12.1;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx;k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission;k8s:io.kubernetes.pod.namespace=ingress-nginx;k8s:job-name=ingress-nginx-admission-create;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=548ca8f480 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=317 identity=3753 identityLabels="k8s:app.kubernetes.io/component=admission-webhook,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:batch.kubernetes.io/controller-uid=6861a6df-9900-4fea-9122-7b05d34e0c2b,k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-create,k8s:controller-uid=6861a6df-9900-4fea-9122-7b05d34e0c2b,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission,k8s:io.kubernetes.pod.namespace=ingress-nginx,k8s:job-name=ingress-nginx-admission-create" ipv4=10.0.0.180 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-r5xfg oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=548ca8f480 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=317 identity=3753 ipv4=10.0.0.180 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-r5xfg subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=548ca8f480 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=317 identity=3753 ipv4=10.0.0.180 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-r5xfg subsys=endpoint level=info msg="Successful endpoint creation" containerID=548ca8f480 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=317 identity=3753 ipv4=10.0.0.180 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-r5xfg subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=548ca8f480 endpointID=317 k8sNamespace=ingress-nginx k8sPodName=ingress-nginx-admission-create-r5xfg subsys=daemon level=info msg="Releasing key" key="[k8s:app.kubernetes.io/component=admission-webhook k8s:app.kubernetes.io/instance=ingress-nginx k8s:app.kubernetes.io/managed-by=Helm k8s:app.kubernetes.io/name=ingress-nginx k8s:app.kubernetes.io/part-of=ingress-nginx k8s:app.kubernetes.io/version=1.12.1 k8s:batch.kubernetes.io/controller-uid=6861a6df-9900-4fea-9122-7b05d34e0c2b k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-create k8s:controller-uid=6861a6df-9900-4fea-9122-7b05d34e0c2b k8s:helm.sh/chart=ingress-nginx-4.12.1 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission k8s:io.kubernetes.pod.namespace=ingress-nginx k8s:job-name=ingress-nginx-admission-create]" subsys=allocator level=info msg="Removed endpoint" containerID=548ca8f480 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=317 identity=3753 ipv4=10.0.0.180 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-r5xfg subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.94 f2d0a2b5-84b1-48a1-84fa-a9f0c882e77f default }" containerID=6b67d53c4675e40b0f6c051ee92660421c337931f4a06f5d62aa0a041d4d0bb0 datapathConfiguration="&{false false false false false }" interface=lxc09211e459632 k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-nvvx7 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=6b67d53c46 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2072 ipv4=10.0.0.94 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-nvvx7 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=6b67d53c46 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2072 identityLabels="k8s:app.kubernetes.io/component=default-backend,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-backend,k8s:io.kubernetes.pod.namespace=ingress-nginx" ipv4=10.0.0.94 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-nvvx7 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:ingress-nginx k8s:io.cilium.k8s.namespace.labels.name:ingress-nginx]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Invalid state transition skipped" containerID=6b67d53c46 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2072 endpointState.from=waiting-for-identity endpointState.to=waiting-to-regenerate file=/go/src/github.com/cilium/cilium/pkg/endpoint/policy.go ipv4=10.0.0.94 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-nvvx7 line=611 subsys=endpoint level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=default-backend;k8s:app.kubernetes.io/instance=ingress-nginx;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=ingress-nginx;k8s:app.kubernetes.io/part-of=ingress-nginx;k8s:app.kubernetes.io/version=1.12.1;k8s:helm.sh/chart=ingress-nginx-4.12.1;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx;k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-backend;k8s:io.kubernetes.pod.namespace=ingress-nginx;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=6b67d53c46 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2072 identity=38175 identityLabels="k8s:app.kubernetes.io/component=default-backend,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-backend,k8s:io.kubernetes.pod.namespace=ingress-nginx" ipv4=10.0.0.94 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-nvvx7 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=6b67d53c46 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2072 identity=38175 ipv4=10.0.0.94 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-nvvx7 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=6b67d53c46 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=2072 identity=38175 ipv4=10.0.0.94 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-nvvx7 subsys=endpoint level=info msg="Successful endpoint creation" containerID=6b67d53c46 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=2072 identity=38175 ipv4=10.0.0.94 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-nvvx7 subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Create endpoint request" addressing="&{10.0.0.28 727bc6ea-1615-4002-a649-9afadfc566a3 default }" containerID=1240e5ac9f5cf1d11124e1e90634403da5395e0205370d7bdc4efce018ea07b4 datapathConfiguration="&{false false false false false }" interface=lxc6bfa043ca688 k8sPodName=ingress-nginx/ingress-nginx-admission-patch-6lcjk labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=1240e5ac9f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=160 ipv4=10.0.0.28 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-6lcjk subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=1240e5ac9f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=160 identityLabels="k8s:app.kubernetes.io/component=admission-webhook,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:batch.kubernetes.io/controller-uid=45ce1be4-5554-4ef1-993c-57a496745ca6,k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-patch,k8s:controller-uid=45ce1be4-5554-4ef1-993c-57a496745ca6,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission,k8s:io.kubernetes.pod.namespace=ingress-nginx,k8s:job-name=ingress-nginx-admission-patch" ipv4=10.0.0.28 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-6lcjk subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:ingress-nginx k8s:io.cilium.k8s.namespace.labels.name:ingress-nginx]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=admission-webhook;k8s:app.kubernetes.io/instance=ingress-nginx;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=ingress-nginx;k8s:app.kubernetes.io/part-of=ingress-nginx;k8s:app.kubernetes.io/version=1.12.1;k8s:batch.kubernetes.io/controller-uid=45ce1be4-5554-4ef1-993c-57a496745ca6;k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-patch;k8s:controller-uid=45ce1be4-5554-4ef1-993c-57a496745ca6;k8s:helm.sh/chart=ingress-nginx-4.12.1;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx;k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission;k8s:io.kubernetes.pod.namespace=ingress-nginx;k8s:job-name=ingress-nginx-admission-patch;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=1240e5ac9f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=160 identity=36838 identityLabels="k8s:app.kubernetes.io/component=admission-webhook,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:batch.kubernetes.io/controller-uid=45ce1be4-5554-4ef1-993c-57a496745ca6,k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-patch,k8s:controller-uid=45ce1be4-5554-4ef1-993c-57a496745ca6,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission,k8s:io.kubernetes.pod.namespace=ingress-nginx,k8s:job-name=ingress-nginx-admission-patch" ipv4=10.0.0.28 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-6lcjk oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=1240e5ac9f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=160 identity=36838 ipv4=10.0.0.28 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-6lcjk subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=1240e5ac9f datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=160 identity=36838 ipv4=10.0.0.28 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-6lcjk subsys=endpoint level=info msg="Successful endpoint creation" containerID=1240e5ac9f datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=160 identity=36838 ipv4=10.0.0.28 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-6lcjk subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=1240e5ac9f endpointID=160 k8sNamespace=ingress-nginx k8sPodName=ingress-nginx-admission-patch-6lcjk subsys=daemon level=info msg="Releasing key" key="[k8s:app.kubernetes.io/component=admission-webhook k8s:app.kubernetes.io/instance=ingress-nginx k8s:app.kubernetes.io/managed-by=Helm k8s:app.kubernetes.io/name=ingress-nginx k8s:app.kubernetes.io/part-of=ingress-nginx k8s:app.kubernetes.io/version=1.12.1 k8s:batch.kubernetes.io/controller-uid=45ce1be4-5554-4ef1-993c-57a496745ca6 k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-patch k8s:controller-uid=45ce1be4-5554-4ef1-993c-57a496745ca6 k8s:helm.sh/chart=ingress-nginx-4.12.1 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission k8s:io.kubernetes.pod.namespace=ingress-nginx k8s:job-name=ingress-nginx-admission-patch]" subsys=allocator level=info msg="Removed endpoint" containerID=1240e5ac9f datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=160 identity=36838 ipv4=10.0.0.28 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-6lcjk subsys=endpoint level=info msg="Policy Add Request" ciliumNetworkPolicy="[&{EndpointSelector:{\"matchLabels\":{\"k8s:app.kubernetes.io/component\":\"rabbitmq-operator\",\"k8s:app.kubernetes.io/instance\":\"rabbitmq-cluster-operator\",\"k8s:app.kubernetes.io/name\":\"rabbitmq-cluster-operator\",\"k8s:app.kubernetes.io/part-of\":\"rabbitmq\",\"k8s:io.kubernetes.pod.namespace\":\"openstack\"}} NodeSelector:{} Ingress:[{IngressCommonRule:{FromEndpoints:[] FromRequires:[] FromCIDR: FromCIDRSet:[] FromEntities:[] aggregatedSelectors:[]} ToPorts:[] ICMPs:[] Authentication:}] IngressDeny:[] Egress:[{EgressCommonRule:{ToEndpoints:[{}] ToRequires:[] ToCIDR: ToCIDRSet:[] ToEntities:[] ToServices:[] ToGroups:[] aggregatedSelectors:[]} ToPorts:[] ToFQDNs:[] ICMPs:[] Authentication:}] EgressDeny:[] Labels:[k8s:io.cilium.k8s.policy.derived-from=NetworkPolicy k8s:io.cilium.k8s.policy.name=rabbitmq-cluster-operator k8s:io.cilium.k8s.policy.namespace=openstack k8s:io.cilium.k8s.policy.uid=3fb52e25-500f-432c-a21a-3874b388be6a] Description:}]" policyAddRequest=ec0a36b2-c15e-4fcd-9ab2-732c01a46b1e subsys=daemon level=info msg="Policy imported via API, recalculating..." policyAddRequest=ec0a36b2-c15e-4fcd-9ab2-732c01a46b1e policyRevision=2 subsys=daemon level=info msg="NetworkPolicy successfully added" k8sApiVersion= k8sNetworkPolicyName=rabbitmq-cluster-operator subsys=k8s-watcher level=info msg="Policy Add Request" ciliumNetworkPolicy="[&{EndpointSelector:{\"matchLabels\":{\"k8s:app.kubernetes.io/component\":\"messaging-topology-operator\",\"k8s:app.kubernetes.io/instance\":\"rabbitmq-cluster-operator\",\"k8s:app.kubernetes.io/name\":\"rabbitmq-cluster-operator\",\"k8s:app.kubernetes.io/part-of\":\"rabbitmq\",\"k8s:io.kubernetes.pod.namespace\":\"openstack\"}} NodeSelector:{} Ingress:[{IngressCommonRule:{FromEndpoints:[{}] FromRequires:[] FromCIDR: FromCIDRSet:[] FromEntities:[] aggregatedSelectors:[]} ToPorts:[{Ports:[{Port:9443 Protocol:TCP}] TerminatingTLS: OriginatingTLS: ServerNames:[] Listener: Rules:}] ICMPs:[] Authentication:}] IngressDeny:[] Egress:[{EgressCommonRule:{ToEndpoints:[{}] ToRequires:[] ToCIDR: ToCIDRSet:[] ToEntities:[] ToServices:[] ToGroups:[] aggregatedSelectors:[]} ToPorts:[] ToFQDNs:[] ICMPs:[] Authentication:}] EgressDeny:[] Labels:[k8s:io.cilium.k8s.policy.derived-from=NetworkPolicy k8s:io.cilium.k8s.policy.name=rabbitmq-messaging-topology-operator k8s:io.cilium.k8s.policy.namespace=openstack k8s:io.cilium.k8s.policy.uid=95ac98c8-9c43-4477-bfa5-2413a719fd2e] Description:}]" policyAddRequest=1639e433-ac54-4477-9225-31f019a6c0d6 subsys=daemon level=info msg="Policy imported via API, recalculating..." policyAddRequest=1639e433-ac54-4477-9225-31f019a6c0d6 policyRevision=3 subsys=daemon level=info msg="NetworkPolicy successfully added" k8sApiVersion= k8sNetworkPolicyName=rabbitmq-messaging-topology-operator subsys=k8s-watcher level=info msg="Create endpoint request" addressing="&{10.0.0.216 af78c0b6-50f1-45e4-a692-d6c9f3066ffd default }" containerID=7a7ea70083abc61bd65c882149a8ba685cb193cd1db1a90f6cca5186f81c1f1f datapathConfiguration="&{false false false false false }" interface=lxc0a5b5a9d77a9 k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-n5qz4 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=7a7ea70083 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=937 ipv4=10.0.0.216 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-n5qz4 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=7a7ea70083 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=937 identityLabels="k8s:app.kubernetes.io/component=rabbitmq-operator,k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=rabbitmq-cluster-operator,k8s:app.kubernetes.io/part-of=rabbitmq,k8s:app.kubernetes.io/version=2.9.0,k8s:helm.sh/chart=rabbitmq-cluster-operator-4.3.6,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-cluster-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.216 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-n5qz4 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=rabbitmq-operator;k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=rabbitmq-cluster-operator;k8s:app.kubernetes.io/part-of=rabbitmq;k8s:app.kubernetes.io/version=2.9.0;k8s:helm.sh/chart=rabbitmq-cluster-operator-4.3.6;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-cluster-operator;k8s:io.kubernetes.pod.namespace=openstack;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=7a7ea70083 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=937 identity=34775 identityLabels="k8s:app.kubernetes.io/component=rabbitmq-operator,k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=rabbitmq-cluster-operator,k8s:app.kubernetes.io/part-of=rabbitmq,k8s:app.kubernetes.io/version=2.9.0,k8s:helm.sh/chart=rabbitmq-cluster-operator-4.3.6,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-cluster-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.216 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-n5qz4 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=7a7ea70083 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=937 identity=34775 ipv4=10.0.0.216 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-n5qz4 subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=7a7ea70083 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=937 identity=34775 ipv4=10.0.0.216 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-n5qz4 subsys=endpoint level=info msg="Successful endpoint creation" containerID=7a7ea70083 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=937 identity=34775 ipv4=10.0.0.216 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-n5qz4 subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.104 492f2ae7-538b-4b1b-839b-940e8cc3fe8a default }" containerID=a9d3c5683e3038efc7cf084a1832311e0f5adfff8c3f4d94a6a6e9bb97613a97 datapathConfiguration="&{false false false false false }" interface=lxc5eb7b93a9a30 k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-cdt7t labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=a9d3c5683e datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=410 ipv4=10.0.0.104 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-cdt7t subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=a9d3c5683e datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=410 identityLabels="k8s:app.kubernetes.io/component=messaging-topology-operator,k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=rabbitmq-cluster-operator,k8s:app.kubernetes.io/part-of=rabbitmq,k8s:app.kubernetes.io/version=1.14.1,k8s:helm.sh/chart=rabbitmq-cluster-operator-4.3.6,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-messaging-topology-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.104 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-cdt7t subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=messaging-topology-operator;k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=rabbitmq-cluster-operator;k8s:app.kubernetes.io/part-of=rabbitmq;k8s:app.kubernetes.io/version=1.14.1;k8s:helm.sh/chart=rabbitmq-cluster-operator-4.3.6;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-messaging-topology-operator;k8s:io.kubernetes.pod.namespace=openstack;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=a9d3c5683e datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=410 identity=16150 identityLabels="k8s:app.kubernetes.io/component=messaging-topology-operator,k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=rabbitmq-cluster-operator,k8s:app.kubernetes.io/part-of=rabbitmq,k8s:app.kubernetes.io/version=1.14.1,k8s:helm.sh/chart=rabbitmq-cluster-operator-4.3.6,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-messaging-topology-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.104 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-cdt7t oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=a9d3c5683e datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=410 identity=16150 ipv4=10.0.0.104 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-cdt7t subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=a9d3c5683e datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=410 identity=16150 ipv4=10.0.0.104 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-cdt7t subsys=endpoint level=info msg="Successful endpoint creation" containerID=a9d3c5683e datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=410 identity=16150 ipv4=10.0.0.104 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-cdt7t subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Create endpoint request" addressing="&{10.0.0.227 a0d32fea-b056-46c2-9d2d-5d60ab39ce22 default }" containerID=ff13881b20a2ae1ab2151558028b0aea45e2d71b83a681961e6cc1d0bfc4e3bc datapathConfiguration="&{false false false false false }" interface=lxc826ff3f98dfb k8sPodName=openstack/pxc-operator-7cff949c8b-rrnfd labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=ff13881b20 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3675 ipv4=10.0.0.227 ipv6= k8sPodName=openstack/pxc-operator-7cff949c8b-rrnfd subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=ff13881b20 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3675 identityLabels="k8s:app.kubernetes.io/component=operator,k8s:app.kubernetes.io/instance=pxc-operator,k8s:app.kubernetes.io/name=pxc-operator,k8s:app.kubernetes.io/part-of=pxc-operator,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=pxc-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.227 ipv6= k8sPodName=openstack/pxc-operator-7cff949c8b-rrnfd subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=operator;k8s:app.kubernetes.io/instance=pxc-operator;k8s:app.kubernetes.io/name=pxc-operator;k8s:app.kubernetes.io/part-of=pxc-operator;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=pxc-operator;k8s:io.kubernetes.pod.namespace=openstack;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=ff13881b20 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3675 identity=55888 identityLabels="k8s:app.kubernetes.io/component=operator,k8s:app.kubernetes.io/instance=pxc-operator,k8s:app.kubernetes.io/name=pxc-operator,k8s:app.kubernetes.io/part-of=pxc-operator,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=pxc-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.227 ipv6= k8sPodName=openstack/pxc-operator-7cff949c8b-rrnfd oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=ff13881b20 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3675 identity=55888 ipv4=10.0.0.227 ipv6= k8sPodName=openstack/pxc-operator-7cff949c8b-rrnfd subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=ff13881b20 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=3675 identity=55888 ipv4=10.0.0.227 ipv6= k8sPodName=openstack/pxc-operator-7cff949c8b-rrnfd subsys=endpoint level=info msg="Successful endpoint creation" containerID=ff13881b20 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=3675 identity=55888 ipv4=10.0.0.227 ipv6= k8sPodName=openstack/pxc-operator-7cff949c8b-rrnfd subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Create endpoint request" addressing="&{10.0.0.24 448ba4d6-1a4c-4332-86d1-1237d57cc8c6 default }" containerID=d36b0157413f32054d1fc6b2a7cdbb75207a2c76f161ddde92d42f425fc53a26 datapathConfiguration="&{false false false false false }" interface=lxcb540223748ad k8sPodName=local-path-storage/helper-pod-create-pvc-f1d0fcbe-8126-4486-85fc-10bd38dd4538 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=d36b015741 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2886 ipv4=10.0.0.24 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-f1d0fcbe-8126-4486-85fc-10bd38dd4538 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=d36b015741 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2886 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage,k8s:io.cilium.k8s.namespace.labels.name=local-path-storage,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner,k8s:io.kubernetes.pod.namespace=local-path-storage" ipv4=10.0.0.24 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-f1d0fcbe-8126-4486-85fc-10bd38dd4538 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:local-path-storage k8s:io.cilium.k8s.namespace.labels.name:local-path-storage]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage;k8s:io.cilium.k8s.namespace.labels.name=local-path-storage;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner;k8s:io.kubernetes.pod.namespace=local-path-storage;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=d36b015741 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2886 identity=3581 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage,k8s:io.cilium.k8s.namespace.labels.name=local-path-storage,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner,k8s:io.kubernetes.pod.namespace=local-path-storage" ipv4=10.0.0.24 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-f1d0fcbe-8126-4486-85fc-10bd38dd4538 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=d36b015741 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2886 identity=3581 ipv4=10.0.0.24 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-f1d0fcbe-8126-4486-85fc-10bd38dd4538 subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=d36b015741 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=2886 identity=3581 ipv4=10.0.0.24 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-f1d0fcbe-8126-4486-85fc-10bd38dd4538 subsys=endpoint level=info msg="Successful endpoint creation" containerID=d36b015741 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=2886 identity=3581 ipv4=10.0.0.24 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-f1d0fcbe-8126-4486-85fc-10bd38dd4538 subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.228 3fc5d3dd-ace6-4a9a-929a-2ee86e9cdb8e default }" containerID=480410f7a176a52a292016679370bdf343c1a4ce44fe27fa012c1197e5ffb612 datapathConfiguration="&{false false false false false }" interface=lxcf09a32dc757f k8sPodName=openstack/percona-xtradb-haproxy-0 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=480410f7a1 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3981 ipv4=10.0.0.228 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=480410f7a1 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3981 identityLabels="k8s:app.kubernetes.io/component=haproxy,k8s:app.kubernetes.io/instance=percona-xtradb,k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator,k8s:app.kubernetes.io/name=percona-xtradb-cluster,k8s:app.kubernetes.io/part-of=percona-xtradb-cluster,k8s:apps.kubernetes.io/pod-index=0,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=default,k8s:io.kubernetes.pod.namespace=openstack,k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-haproxy-0" ipv4=10.0.0.228 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=haproxy;k8s:app.kubernetes.io/instance=percona-xtradb;k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator;k8s:app.kubernetes.io/name=percona-xtradb-cluster;k8s:app.kubernetes.io/part-of=percona-xtradb-cluster;k8s:apps.kubernetes.io/pod-index=0;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=default;k8s:io.kubernetes.pod.namespace=openstack;k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-haproxy-0;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=480410f7a1 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3981 identity=42448 identityLabels="k8s:app.kubernetes.io/component=haproxy,k8s:app.kubernetes.io/instance=percona-xtradb,k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator,k8s:app.kubernetes.io/name=percona-xtradb-cluster,k8s:app.kubernetes.io/part-of=percona-xtradb-cluster,k8s:apps.kubernetes.io/pod-index=0,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=default,k8s:io.kubernetes.pod.namespace=openstack,k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-haproxy-0" ipv4=10.0.0.228 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=480410f7a1 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3981 identity=42448 ipv4=10.0.0.228 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=480410f7a1 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=3981 identity=42448 ipv4=10.0.0.228 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=endpoint level=info msg="Successful endpoint creation" containerID=480410f7a1 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=3981 identity=42448 ipv4=10.0.0.228 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=d36b015741 endpointID=2886 k8sNamespace=local-path-storage k8sPodName=helper-pod-create-pvc-f1d0fcbe-8126-4486-85fc-10bd38dd4538 subsys=daemon level=info msg="Releasing key" key="[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage k8s:io.cilium.k8s.namespace.labels.name=local-path-storage k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner k8s:io.kubernetes.pod.namespace=local-path-storage]" subsys=allocator level=info msg="Removed endpoint" containerID=d36b015741 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=2886 identity=3581 ipv4=10.0.0.24 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-f1d0fcbe-8126-4486-85fc-10bd38dd4538 subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.243 d08efea4-9aab-4f2c-bdbe-5d3732716a74 default }" containerID=1ccb6d56c1bf3e2dd118b48110f90adb24c69a3dbec02ef9b362348c42e70c88 datapathConfiguration="&{false false false false false }" interface=lxc23aec680e8b3 k8sPodName=openstack/percona-xtradb-pxc-0 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=1ccb6d56c1 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1770 ipv4=10.0.0.243 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=1ccb6d56c1 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1770 identityLabels="k8s:app.kubernetes.io/component=pxc,k8s:app.kubernetes.io/instance=percona-xtradb,k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator,k8s:app.kubernetes.io/name=percona-xtradb-cluster,k8s:app.kubernetes.io/part-of=percona-xtradb-cluster,k8s:apps.kubernetes.io/pod-index=0,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=default,k8s:io.kubernetes.pod.namespace=openstack,k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-pxc-0" ipv4=10.0.0.243 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=pxc;k8s:app.kubernetes.io/instance=percona-xtradb;k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator;k8s:app.kubernetes.io/name=percona-xtradb-cluster;k8s:app.kubernetes.io/part-of=percona-xtradb-cluster;k8s:apps.kubernetes.io/pod-index=0;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=default;k8s:io.kubernetes.pod.namespace=openstack;k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-pxc-0;" subsys=allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Identity of endpoint changed" containerID=1ccb6d56c1 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1770 identity=3775 identityLabels="k8s:app.kubernetes.io/component=pxc,k8s:app.kubernetes.io/instance=percona-xtradb,k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator,k8s:app.kubernetes.io/name=percona-xtradb-cluster,k8s:app.kubernetes.io/part-of=percona-xtradb-cluster,k8s:apps.kubernetes.io/pod-index=0,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=default,k8s:io.kubernetes.pod.namespace=openstack,k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-pxc-0" ipv4=10.0.0.243 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=1ccb6d56c1 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1770 identity=3775 ipv4=10.0.0.243 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=1ccb6d56c1 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=1770 identity=3775 ipv4=10.0.0.243 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=endpoint level=info msg="Successful endpoint creation" containerID=1ccb6d56c1 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=1770 identity=3775 ipv4=10.0.0.243 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Create endpoint request" addressing="&{10.0.0.126 73c95885-7cbb-43ac-8538-577d99d6bd50 default }" containerID=68cc25f5adb685d7258e480837cf23143d4243c500e20a14b757bf26862ed1b9 datapathConfiguration="&{false false false false false }" interface=lxc3bc30c902f46 k8sPodName=openstack/memcached-memcached-6479589586-nw4r9 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=68cc25f5ad datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1017 ipv4=10.0.0.126 ipv6= k8sPodName=openstack/memcached-memcached-6479589586-nw4r9 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=68cc25f5ad datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1017 identityLabels="k8s:application=memcached,k8s:component=server,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=memcached-memcached,k8s:io.kubernetes.pod.namespace=openstack,k8s:release_group=memcached" ipv4=10.0.0.126 ipv6= k8sPodName=openstack/memcached-memcached-6479589586-nw4r9 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Allocated new global key" key="k8s:application=memcached;k8s:component=server;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=memcached-memcached;k8s:io.kubernetes.pod.namespace=openstack;k8s:release_group=memcached;" subsys=allocator level=info msg="Invalid state transition skipped" containerID=68cc25f5ad datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1017 endpointState.from=waiting-for-identity endpointState.to=waiting-to-regenerate file=/go/src/github.com/cilium/cilium/pkg/endpoint/policy.go ipv4=10.0.0.126 ipv6= k8sPodName=openstack/memcached-memcached-6479589586-nw4r9 line=611 subsys=endpoint level=info msg="Identity of endpoint changed" containerID=68cc25f5ad datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1017 identity=20893 identityLabels="k8s:application=memcached,k8s:component=server,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=memcached-memcached,k8s:io.kubernetes.pod.namespace=openstack,k8s:release_group=memcached" ipv4=10.0.0.126 ipv6= k8sPodName=openstack/memcached-memcached-6479589586-nw4r9 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=68cc25f5ad datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1017 identity=20893 ipv4=10.0.0.126 ipv6= k8sPodName=openstack/memcached-memcached-6479589586-nw4r9 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=68cc25f5ad datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=1017 identity=20893 ipv4=10.0.0.126 ipv6= k8sPodName=openstack/memcached-memcached-6479589586-nw4r9 subsys=endpoint level=info msg="Successful endpoint creation" containerID=68cc25f5ad datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=1017 identity=20893 ipv4=10.0.0.126 ipv6= k8sPodName=openstack/memcached-memcached-6479589586-nw4r9 subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Policy Add Request" ciliumNetworkPolicy="[&{EndpointSelector:{\"matchLabels\":{\"k8s:app.kubernetes.io/component\":\"keycloak\",\"k8s:app.kubernetes.io/instance\":\"keycloak\",\"k8s:app.kubernetes.io/name\":\"keycloak\",\"k8s:io.kubernetes.pod.namespace\":\"auth-system\"}} NodeSelector:{} Ingress:[{IngressCommonRule:{FromEndpoints:[{}] FromRequires:[] FromCIDR: FromCIDRSet:[] FromEntities:[] aggregatedSelectors:[]} ToPorts:[{Ports:[{Port:7800 Protocol:TCP}] TerminatingTLS: OriginatingTLS: ServerNames:[] Listener: Rules:} {Ports:[{Port:8080 Protocol:TCP}] TerminatingTLS: OriginatingTLS: ServerNames:[] Listener: Rules:}] ICMPs:[] Authentication:}] IngressDeny:[] Egress:[{EgressCommonRule:{ToEndpoints:[{}] ToRequires:[] ToCIDR: ToCIDRSet:[] ToEntities:[] ToServices:[] ToGroups:[] aggregatedSelectors:[]} ToPorts:[] ToFQDNs:[] ICMPs:[] Authentication:}] EgressDeny:[] Labels:[k8s:io.cilium.k8s.policy.derived-from=NetworkPolicy k8s:io.cilium.k8s.policy.name=keycloak k8s:io.cilium.k8s.policy.namespace=auth-system k8s:io.cilium.k8s.policy.uid=a05f6795-2ad7-4c70-9a1c-d3db331fa260] Description:}]" policyAddRequest=fa85bd2e-d723-4dd9-a960-a4a62419e360 subsys=daemon level=info msg="NetworkPolicy successfully added" k8sApiVersion= k8sNetworkPolicyName=keycloak subsys=k8s-watcher level=info msg="Policy imported via API, recalculating..." policyAddRequest=fa85bd2e-d723-4dd9-a960-a4a62419e360 policyRevision=4 subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.114 69d1051c-875a-4bb5-9d89-b519b549f81d default }" containerID=dce60525dee6b7849fb60bc40a82e11752974802f88299dc24a0b25489b35a77 datapathConfiguration="&{false false false false false }" interface=lxccc03ecb2aa72 k8sPodName=auth-system/keycloak-0 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=dce60525de datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2438 ipv4=10.0.0.114 ipv6= k8sPodName=auth-system/keycloak-0 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=dce60525de datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2438 identityLabels="k8s:app.kubernetes.io/component=keycloak,k8s:app.kubernetes.io/instance=keycloak,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=keycloak,k8s:app.kubernetes.io/version=24.0.5,k8s:apps.kubernetes.io/pod-index=0,k8s:helm.sh/chart=keycloak-21.4.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=auth-system,k8s:io.cilium.k8s.namespace.labels.name=auth-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=keycloak,k8s:io.kubernetes.pod.namespace=auth-system,k8s:statefulset.kubernetes.io/pod-name=keycloak-0" ipv4=10.0.0.114 ipv6= k8sPodName=auth-system/keycloak-0 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:auth-system k8s:io.cilium.k8s.namespace.labels.name:auth-system]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=keycloak;k8s:app.kubernetes.io/instance=keycloak;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=keycloak;k8s:app.kubernetes.io/version=24.0.5;k8s:apps.kubernetes.io/pod-index=0;k8s:helm.sh/chart=keycloak-21.4.1;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=auth-system;k8s:io.cilium.k8s.namespace.labels.name=auth-system;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=keycloak;k8s:io.kubernetes.pod.namespace=auth-system;k8s:statefulset.kubernetes.io/pod-name=keycloak-0;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=dce60525de datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2438 identity=2677 identityLabels="k8s:app.kubernetes.io/component=keycloak,k8s:app.kubernetes.io/instance=keycloak,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=keycloak,k8s:app.kubernetes.io/version=24.0.5,k8s:apps.kubernetes.io/pod-index=0,k8s:helm.sh/chart=keycloak-21.4.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=auth-system,k8s:io.cilium.k8s.namespace.labels.name=auth-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=keycloak,k8s:io.kubernetes.pod.namespace=auth-system,k8s:statefulset.kubernetes.io/pod-name=keycloak-0" ipv4=10.0.0.114 ipv6= k8sPodName=auth-system/keycloak-0 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=dce60525de datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2438 identity=2677 ipv4=10.0.0.114 ipv6= k8sPodName=auth-system/keycloak-0 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=dce60525de datapathPolicyRevision=0 desiredPolicyRevision=4 endpointID=2438 identity=2677 ipv4=10.0.0.114 ipv6= k8sPodName=auth-system/keycloak-0 subsys=endpoint level=info msg="Successful endpoint creation" containerID=dce60525de datapathPolicyRevision=4 desiredPolicyRevision=4 endpointID=2438 identity=2677 ipv4=10.0.0.114 ipv6= k8sPodName=auth-system/keycloak-0 subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager