level=info msg="Memory available for map entries (0.003% of 16764964864B): 41912412B" subsys=config level=info msg="option bpf-ct-global-tcp-max set by dynamic sizing to 147061" subsys=config level=info msg="option bpf-ct-global-any-max set by dynamic sizing to 73530" subsys=config level=info msg="option bpf-nat-global-max set by dynamic sizing to 147061" subsys=config level=info msg="option bpf-neigh-global-max set by dynamic sizing to 147061" subsys=config level=info msg="option bpf-sock-rev-map-max set by dynamic sizing to 73530" subsys=config level=info msg=" --agent-health-port='9879'" subsys=daemon level=info msg=" --agent-labels=''" subsys=daemon level=info msg=" --agent-liveness-update-interval='1s'" subsys=daemon level=info msg=" --agent-not-ready-taint-key='node.cilium.io/agent-not-ready'" subsys=daemon level=info msg=" --allocator-list-timeout='3m0s'" subsys=daemon level=info msg=" --allow-icmp-frag-needed='true'" subsys=daemon level=info msg=" --allow-localhost='auto'" subsys=daemon level=info msg=" --annotate-k8s-node='false'" subsys=daemon level=info msg=" --api-rate-limit=''" subsys=daemon level=info msg=" --arping-refresh-period='30s'" subsys=daemon level=info msg=" --auto-create-cilium-node-resource='true'" subsys=daemon level=info msg=" --auto-direct-node-routes='false'" subsys=daemon level=info msg=" --bgp-announce-lb-ip='false'" subsys=daemon level=info msg=" --bgp-announce-pod-cidr='false'" subsys=daemon level=info msg=" --bgp-config-path='/var/lib/cilium/bgp/config.yaml'" subsys=daemon level=info msg=" --bpf-auth-map-max='524288'" subsys=daemon level=info msg=" --bpf-ct-global-any-max='262144'" subsys=daemon level=info msg=" --bpf-ct-global-tcp-max='524288'" subsys=daemon level=info msg=" --bpf-ct-timeout-regular-any='1m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-regular-tcp='6h0m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-regular-tcp-fin='10s'" subsys=daemon level=info msg=" --bpf-ct-timeout-regular-tcp-syn='1m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-service-any='1m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-service-tcp='6h0m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-service-tcp-grace='1m0s'" subsys=daemon level=info msg=" --bpf-filter-priority='1'" subsys=daemon level=info msg=" --bpf-fragments-map-max='8192'" subsys=daemon level=info msg=" --bpf-lb-acceleration='disabled'" subsys=daemon level=info msg=" --bpf-lb-affinity-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-algorithm='random'" subsys=daemon level=info msg=" --bpf-lb-dev-ip-addr-inherit=''" subsys=daemon level=info msg=" --bpf-lb-dsr-dispatch='opt'" subsys=daemon level=info msg=" --bpf-lb-dsr-l4-xlate='frontend'" subsys=daemon level=info msg=" --bpf-lb-external-clusterip='false'" subsys=daemon level=info msg=" --bpf-lb-maglev-hash-seed='JLfvgnHc2kaSUFaI'" subsys=daemon level=info msg=" --bpf-lb-maglev-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-maglev-table-size='16381'" subsys=daemon level=info msg=" --bpf-lb-map-max='65536'" subsys=daemon level=info msg=" --bpf-lb-mode='snat'" subsys=daemon level=info msg=" --bpf-lb-rev-nat-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-rss-ipv4-src-cidr=''" subsys=daemon level=info msg=" --bpf-lb-rss-ipv6-src-cidr=''" subsys=daemon level=info msg=" --bpf-lb-service-backend-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-service-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-sock='false'" subsys=daemon level=info msg=" --bpf-lb-sock-hostns-only='false'" subsys=daemon level=info msg=" --bpf-lb-source-range-map-max='0'" subsys=daemon level=info msg=" --bpf-map-dynamic-size-ratio='0.0025'" subsys=daemon level=info msg=" --bpf-map-event-buffers=''" subsys=daemon level=info msg=" --bpf-nat-global-max='524288'" subsys=daemon level=info msg=" --bpf-neigh-global-max='524288'" subsys=daemon level=info msg=" --bpf-policy-map-full-reconciliation-interval='15m0s'" subsys=daemon level=info msg=" --bpf-policy-map-max='16384'" subsys=daemon level=info msg=" --bpf-root='/sys/fs/bpf'" subsys=daemon level=info msg=" --bpf-sock-rev-map-max='262144'" subsys=daemon level=info msg=" --bypass-ip-availability-upon-restore='false'" subsys=daemon level=info msg=" --certificates-directory='/var/run/cilium/certs'" subsys=daemon level=info msg=" --cflags=''" subsys=daemon level=info msg=" --cgroup-root='/run/cilium/cgroupv2'" subsys=daemon level=info msg=" --cilium-endpoint-gc-interval='5m0s'" subsys=daemon level=info msg=" --cluster-health-port='4240'" subsys=daemon level=info msg=" --cluster-id='0'" subsys=daemon level=info msg=" --cluster-name='default'" subsys=daemon level=info msg=" --cluster-pool-ipv4-cidr='10.0.0.0/8'" subsys=daemon level=info msg=" --cluster-pool-ipv4-mask-size='24'" subsys=daemon level=info msg=" --clustermesh-config='/var/lib/cilium/clustermesh/'" subsys=daemon level=info msg=" --clustermesh-ip-identities-sync-timeout='1m0s'" subsys=daemon level=info msg=" --cmdref=''" subsys=daemon level=info msg=" --cni-chaining-mode='none'" subsys=daemon level=info msg=" --cni-chaining-target=''" subsys=daemon level=info msg=" --cni-exclusive='true'" subsys=daemon level=info msg=" --cni-external-routing='false'" subsys=daemon level=info msg=" --cni-log-file='/var/run/cilium/cilium-cni.log'" subsys=daemon level=info msg=" --cnp-node-status-gc-interval='0s'" subsys=daemon level=info msg=" --config=''" subsys=daemon level=info msg=" --config-dir='/tmp/cilium/config-map'" subsys=daemon level=info msg=" --config-sources='config-map:kube-system/cilium-config'" subsys=daemon level=info msg=" --conntrack-gc-interval='0s'" subsys=daemon level=info msg=" --conntrack-gc-max-interval='0s'" subsys=daemon level=info msg=" --crd-wait-timeout='5m0s'" subsys=daemon level=info msg=" --custom-cni-conf='false'" subsys=daemon level=info msg=" --datapath-mode='veth'" subsys=daemon level=info msg=" --debug='false'" subsys=daemon level=info msg=" --debug-verbose=''" subsys=daemon level=info msg=" --derive-masquerade-ip-addr-from-device=''" subsys=daemon level=info msg=" --devices=''" subsys=daemon level=info msg=" --direct-routing-device=''" subsys=daemon level=info msg=" --disable-cnp-status-updates='true'" subsys=daemon level=info msg=" --disable-endpoint-crd='false'" subsys=daemon level=info msg=" --disable-envoy-version-check='false'" subsys=daemon level=info msg=" --disable-iptables-feeder-rules=''" subsys=daemon level=info msg=" --dns-max-ips-per-restored-rule='1000'" subsys=daemon level=info msg=" --dns-policy-unload-on-shutdown='false'" subsys=daemon level=info msg=" --dnsproxy-concurrency-limit='0'" subsys=daemon level=info msg=" --dnsproxy-concurrency-processing-grace-period='0s'" subsys=daemon level=info msg=" --dnsproxy-enable-transparent-mode='true'" subsys=daemon level=info msg=" --dnsproxy-lock-count='128'" subsys=daemon level=info msg=" --dnsproxy-lock-timeout='500ms'" subsys=daemon level=info msg=" --egress-gateway-policy-map-max='16384'" subsys=daemon level=info msg=" --egress-gateway-reconciliation-trigger-interval='1s'" subsys=daemon level=info msg=" --egress-masquerade-interfaces=''" subsys=daemon level=info msg=" --egress-multi-home-ip-rule-compat='false'" subsys=daemon level=info msg=" --enable-auto-protect-node-port-range='true'" subsys=daemon level=info msg=" --enable-bandwidth-manager='false'" subsys=daemon level=info msg=" --enable-bbr='false'" subsys=daemon level=info msg=" --enable-bgp-control-plane='false'" subsys=daemon level=info msg=" --enable-bpf-clock-probe='false'" subsys=daemon level=info msg=" --enable-bpf-masquerade='false'" subsys=daemon level=info msg=" --enable-bpf-tproxy='false'" subsys=daemon level=info msg=" --enable-cilium-api-server-access='*'" subsys=daemon level=info msg=" --enable-cilium-endpoint-slice='false'" subsys=daemon level=info msg=" --enable-cilium-health-api-server-access='*'" subsys=daemon level=info msg=" --enable-custom-calls='false'" subsys=daemon level=info msg=" --enable-endpoint-health-checking='true'" subsys=daemon level=info msg=" --enable-endpoint-routes='false'" subsys=daemon level=info msg=" --enable-envoy-config='false'" subsys=daemon level=info msg=" --enable-external-ips='false'" subsys=daemon level=info msg=" --enable-health-check-nodeport='true'" subsys=daemon level=info msg=" --enable-health-checking='true'" subsys=daemon level=info msg=" --enable-high-scale-ipcache='false'" subsys=daemon level=info msg=" --enable-host-firewall='false'" subsys=daemon level=info msg=" --enable-host-legacy-routing='false'" subsys=daemon level=info msg=" --enable-host-port='false'" subsys=daemon level=info msg=" --enable-hubble='false'" subsys=daemon level=info msg=" --enable-hubble-recorder-api='true'" subsys=daemon level=info msg=" --enable-icmp-rules='true'" subsys=daemon level=info msg=" --enable-identity-mark='true'" subsys=daemon level=info msg=" --enable-ip-masq-agent='false'" subsys=daemon level=info msg=" --enable-ipsec='false'" subsys=daemon level=info msg=" --enable-ipsec-key-watcher='true'" subsys=daemon level=info msg=" --enable-ipv4='true'" subsys=daemon level=info msg=" --enable-ipv4-big-tcp='false'" subsys=daemon level=info msg=" --enable-ipv4-egress-gateway='false'" subsys=daemon level=info msg=" --enable-ipv4-fragment-tracking='true'" subsys=daemon level=info msg=" --enable-ipv4-masquerade='true'" subsys=daemon level=info msg=" --enable-ipv6='false'" subsys=daemon level=info msg=" --enable-ipv6-big-tcp='false'" subsys=daemon level=info msg=" --enable-ipv6-masquerade='true'" subsys=daemon level=info msg=" --enable-ipv6-ndp='false'" subsys=daemon level=info msg=" --enable-k8s='true'" subsys=daemon level=info msg=" --enable-k8s-api-discovery='false'" subsys=daemon level=info msg=" --enable-k8s-endpoint-slice='true'" subsys=daemon level=info msg=" --enable-k8s-event-handover='false'" subsys=daemon level=info msg=" --enable-k8s-networkpolicy='true'" subsys=daemon level=info msg=" --enable-k8s-terminating-endpoint='true'" subsys=daemon level=info msg=" --enable-l2-announcements='false'" subsys=daemon level=info msg=" --enable-l2-neigh-discovery='true'" subsys=daemon level=info msg=" --enable-l2-pod-announcements='false'" subsys=daemon level=info msg=" --enable-l7-proxy='true'" subsys=daemon level=info msg=" --enable-local-node-route='true'" subsys=daemon level=info msg=" --enable-local-redirect-policy='false'" subsys=daemon level=info msg=" --enable-mke='false'" subsys=daemon level=info msg=" --enable-monitor='true'" subsys=daemon level=info msg=" --enable-nat46x64-gateway='false'" subsys=daemon level=info msg=" --enable-node-port='false'" subsys=daemon level=info msg=" --enable-pmtu-discovery='false'" subsys=daemon level=info msg=" --enable-policy='default'" subsys=daemon level=info msg=" --enable-recorder='false'" subsys=daemon level=info msg=" --enable-remote-node-identity='true'" subsys=daemon level=info msg=" --enable-runtime-device-detection='false'" subsys=daemon level=info msg=" --enable-sctp='false'" subsys=daemon level=info msg=" --enable-service-topology='false'" subsys=daemon level=info msg=" --enable-session-affinity='false'" subsys=daemon level=info msg=" --enable-srv6='false'" subsys=daemon level=info msg=" --enable-stale-cilium-endpoint-cleanup='true'" subsys=daemon level=info msg=" --enable-svc-source-range-check='true'" subsys=daemon level=info msg=" --enable-tracing='false'" subsys=daemon level=info msg=" --enable-unreachable-routes='false'" subsys=daemon level=info msg=" --enable-vtep='false'" subsys=daemon level=info msg=" --enable-well-known-identities='false'" subsys=daemon level=info msg=" --enable-wireguard='false'" subsys=daemon level=info msg=" --enable-wireguard-userspace-fallback='false'" subsys=daemon level=info msg=" --enable-xdp-prefilter='false'" subsys=daemon level=info msg=" --enable-xt-socket-fallback='true'" subsys=daemon level=info msg=" --encrypt-interface=''" subsys=daemon level=info msg=" --encrypt-node='false'" subsys=daemon level=info msg=" --endpoint-gc-interval='5m0s'" subsys=daemon level=info msg=" --endpoint-queue-size='25'" subsys=daemon level=info msg=" --endpoint-status=''" subsys=daemon level=info msg=" --envoy-config-timeout='2m0s'" subsys=daemon level=info msg=" --envoy-log=''" subsys=daemon level=info msg=" --exclude-local-address=''" subsys=daemon level=info msg=" --external-envoy-proxy='false'" subsys=daemon level=info msg=" --fixed-identity-mapping=''" subsys=daemon level=info msg=" --fqdn-regex-compile-lru-size='1024'" subsys=daemon level=info msg=" --gops-port='9890'" subsys=daemon level=info msg=" --http-403-msg=''" subsys=daemon level=info msg=" --http-idle-timeout='0'" subsys=daemon level=info msg=" --http-max-grpc-timeout='0'" subsys=daemon level=info msg=" --http-normalize-path='true'" subsys=daemon level=info msg=" --http-request-timeout='3600'" subsys=daemon level=info msg=" --http-retry-count='3'" subsys=daemon level=info msg=" --http-retry-timeout='0'" subsys=daemon level=info msg=" --hubble-disable-tls='false'" subsys=daemon level=info msg=" --hubble-event-buffer-capacity='4095'" subsys=daemon level=info msg=" --hubble-event-queue-size='0'" subsys=daemon level=info msg=" --hubble-export-file-compress='false'" subsys=daemon level=info msg=" --hubble-export-file-max-backups='5'" subsys=daemon level=info msg=" --hubble-export-file-max-size-mb='10'" subsys=daemon level=info msg=" --hubble-export-file-path=''" subsys=daemon level=info msg=" --hubble-listen-address=''" subsys=daemon level=info msg=" --hubble-metrics=''" subsys=daemon level=info msg=" --hubble-metrics-server=''" subsys=daemon level=info msg=" --hubble-monitor-events=''" subsys=daemon level=info msg=" --hubble-prefer-ipv6='false'" subsys=daemon level=info msg=" --hubble-recorder-sink-queue-size='1024'" subsys=daemon level=info msg=" --hubble-recorder-storage-path='/var/run/cilium/pcaps'" subsys=daemon level=info msg=" --hubble-skip-unknown-cgroup-ids='true'" subsys=daemon level=info msg=" --hubble-socket-path='/var/run/cilium/hubble.sock'" subsys=daemon level=info msg=" --hubble-tls-cert-file=''" subsys=daemon level=info msg=" --hubble-tls-client-ca-files=''" subsys=daemon level=info msg=" --hubble-tls-key-file=''" subsys=daemon level=info msg=" --identity-allocation-mode='crd'" subsys=daemon level=info msg=" --identity-change-grace-period='5s'" subsys=daemon level=info msg=" --identity-gc-interval='15m0s'" subsys=daemon level=info msg=" --identity-heartbeat-timeout='30m0s'" subsys=daemon level=info msg=" --identity-restore-grace-period='10m0s'" subsys=daemon level=info msg=" --install-egress-gateway-routes='false'" subsys=daemon level=info msg=" --install-iptables-rules='true'" subsys=daemon level=info msg=" --install-no-conntrack-iptables-rules='false'" subsys=daemon level=info msg=" --ip-allocation-timeout='2m0s'" subsys=daemon level=info msg=" --ip-masq-agent-config-path='/etc/config/ip-masq-agent'" subsys=daemon level=info msg=" --ipam='cluster-pool'" subsys=daemon level=info msg=" --ipam-cilium-node-update-rate='15s'" subsys=daemon level=info msg=" --ipam-multi-pool-pre-allocation='default=8'" subsys=daemon level=info msg=" --ipsec-key-file=''" subsys=daemon level=info msg=" --ipsec-key-rotation-duration='5m0s'" subsys=daemon level=info msg=" --iptables-lock-timeout='5s'" subsys=daemon level=info msg=" --iptables-random-fully='false'" subsys=daemon level=info msg=" --ipv4-native-routing-cidr=''" subsys=daemon level=info msg=" --ipv4-node='auto'" subsys=daemon level=info msg=" --ipv4-pod-subnets=''" subsys=daemon level=info msg=" --ipv4-range='auto'" subsys=daemon level=info msg=" --ipv4-service-loopback-address='169.254.42.1'" subsys=daemon level=info msg=" --ipv4-service-range='auto'" subsys=daemon level=info msg=" --ipv6-cluster-alloc-cidr='f00d::/64'" subsys=daemon level=info msg=" --ipv6-mcast-device=''" subsys=daemon level=info msg=" --ipv6-native-routing-cidr=''" subsys=daemon level=info msg=" --ipv6-node='auto'" subsys=daemon level=info msg=" --ipv6-pod-subnets=''" subsys=daemon level=info msg=" --ipv6-range='auto'" subsys=daemon level=info msg=" --ipv6-service-range='auto'" subsys=daemon level=info msg=" --join-cluster='false'" subsys=daemon level=info msg=" --k8s-api-server=''" subsys=daemon level=info msg=" --k8s-client-burst='10'" subsys=daemon level=info msg=" --k8s-client-qps='5'" subsys=daemon level=info msg=" --k8s-heartbeat-timeout='30s'" subsys=daemon level=info msg=" --k8s-kubeconfig-path=''" subsys=daemon level=info msg=" --k8s-namespace='kube-system'" subsys=daemon level=info msg=" --k8s-require-ipv4-pod-cidr='false'" subsys=daemon level=info msg=" --k8s-require-ipv6-pod-cidr='false'" subsys=daemon level=info msg=" --k8s-service-cache-size='128'" subsys=daemon level=info msg=" --k8s-service-proxy-name=''" subsys=daemon level=info msg=" --k8s-sync-timeout='3m0s'" subsys=daemon level=info msg=" --k8s-watcher-endpoint-selector='metadata.name!=kube-scheduler,metadata.name!=kube-controller-manager,metadata.name!=etcd-operator,metadata.name!=gcp-controller-manager'" subsys=daemon level=info msg=" --keep-config='false'" subsys=daemon level=info msg=" --kube-proxy-replacement='disabled'" subsys=daemon level=info msg=" --kube-proxy-replacement-healthz-bind-address=''" subsys=daemon level=info msg=" --kvstore=''" subsys=daemon level=info msg=" --kvstore-connectivity-timeout='2m0s'" subsys=daemon level=info msg=" --kvstore-lease-ttl='15m0s'" subsys=daemon level=info msg=" --kvstore-max-consecutive-quorum-errors='2'" subsys=daemon level=info msg=" --kvstore-opt=''" subsys=daemon level=info msg=" --kvstore-periodic-sync='5m0s'" subsys=daemon level=info msg=" --l2-announcements-lease-duration='15s'" subsys=daemon level=info msg=" --l2-announcements-renew-deadline='5s'" subsys=daemon level=info msg=" --l2-announcements-retry-period='2s'" subsys=daemon level=info msg=" --l2-pod-announcements-interface=''" subsys=daemon level=info msg=" --label-prefix-file=''" subsys=daemon level=info msg=" --labels=''" subsys=daemon level=info msg=" --lib-dir='/var/lib/cilium'" subsys=daemon level=info msg=" --local-max-addr-scope='252'" subsys=daemon level=info msg=" --local-router-ipv4=''" subsys=daemon level=info msg=" --local-router-ipv6=''" subsys=daemon level=info msg=" --log-driver=''" subsys=daemon level=info msg=" --log-opt=''" subsys=daemon level=info msg=" --log-system-load='false'" subsys=daemon level=info msg=" --max-controller-interval='0'" subsys=daemon level=info msg=" --mesh-auth-enabled='true'" subsys=daemon level=info msg=" --mesh-auth-gc-interval='5m0s'" subsys=daemon level=info msg=" --mesh-auth-mutual-listener-port='0'" subsys=daemon level=info msg=" --mesh-auth-queue-size='1024'" subsys=daemon level=info msg=" --mesh-auth-rotated-identities-queue-size='1024'" subsys=daemon level=info msg=" --mesh-auth-signal-backoff-duration='1s'" subsys=daemon level=info msg=" --mesh-auth-spiffe-trust-domain='spiffe.cilium'" subsys=daemon level=info msg=" --mesh-auth-spire-admin-socket=''" subsys=daemon level=info msg=" --metrics=''" subsys=daemon level=info msg=" --mke-cgroup-mount=''" subsys=daemon level=info msg=" --monitor-aggregation='medium'" subsys=daemon level=info msg=" --monitor-aggregation-flags='all'" subsys=daemon level=info msg=" --monitor-aggregation-interval='5s'" subsys=daemon level=info msg=" --monitor-queue-size='0'" subsys=daemon level=info msg=" --mtu='0'" subsys=daemon level=info msg=" --node-encryption-opt-out-labels='node-role.kubernetes.io/control-plane'" subsys=daemon level=info msg=" --node-port-acceleration='disabled'" subsys=daemon level=info msg=" --node-port-algorithm='random'" subsys=daemon level=info msg=" --node-port-bind-protection='true'" subsys=daemon level=info msg=" --node-port-mode='snat'" subsys=daemon level=info msg=" --node-port-range='30000,32767'" subsys=daemon level=info msg=" --nodes-gc-interval='5m0s'" subsys=daemon level=info msg=" --operator-api-serve-addr='127.0.0.1:9234'" subsys=daemon level=info msg=" --policy-audit-mode='false'" subsys=daemon level=info msg=" --policy-queue-size='100'" subsys=daemon level=info msg=" --policy-trigger-interval='1s'" subsys=daemon level=info msg=" --pprof='false'" subsys=daemon level=info msg=" --pprof-address='localhost'" subsys=daemon level=info msg=" --pprof-port='6060'" subsys=daemon level=info msg=" --preallocate-bpf-maps='false'" subsys=daemon level=info msg=" --prepend-iptables-chains='true'" subsys=daemon level=info msg=" --procfs='/host/proc'" subsys=daemon level=info msg=" --prometheus-serve-addr=':9962'" subsys=daemon level=info msg=" --proxy-connect-timeout='2'" subsys=daemon level=info msg=" --proxy-gid='1337'" subsys=daemon level=info msg=" --proxy-idle-timeout-seconds='60'" subsys=daemon level=info msg=" --proxy-max-connection-duration-seconds='0'" subsys=daemon level=info msg=" --proxy-max-requests-per-connection='0'" subsys=daemon level=info msg=" --proxy-prometheus-port='9964'" subsys=daemon level=info msg=" --read-cni-conf=''" subsys=daemon level=info msg=" --remove-cilium-node-taints='true'" subsys=daemon level=info msg=" --restore='true'" subsys=daemon level=info msg=" --route-metric='0'" subsys=daemon level=info msg=" --routing-mode='tunnel'" subsys=daemon level=info msg=" --set-cilium-is-up-condition='true'" subsys=daemon level=info msg=" --set-cilium-node-taints='true'" subsys=daemon level=info msg=" --sidecar-istio-proxy-image='cilium/istio_proxy'" subsys=daemon level=info msg=" --single-cluster-route='false'" subsys=daemon level=info msg=" --skip-cnp-status-startup-clean='false'" subsys=daemon level=info msg=" --socket-path='/var/run/cilium/cilium.sock'" subsys=daemon level=info msg=" --srv6-encap-mode='reduced'" subsys=daemon level=info msg=" --state-dir='/var/run/cilium'" subsys=daemon level=info msg=" --synchronize-k8s-nodes='true'" subsys=daemon level=info msg=" --tofqdns-dns-reject-response-code='refused'" subsys=daemon level=info msg=" --tofqdns-enable-dns-compression='true'" subsys=daemon level=info msg=" --tofqdns-endpoint-max-ip-per-hostname='50'" subsys=daemon level=info msg=" --tofqdns-idle-connection-grace-period='0s'" subsys=daemon level=info msg=" --tofqdns-max-deferred-connection-deletes='10000'" subsys=daemon level=info msg=" --tofqdns-min-ttl='0'" subsys=daemon level=info msg=" --tofqdns-pre-cache=''" subsys=daemon level=info msg=" --tofqdns-proxy-port='0'" subsys=daemon level=info msg=" --tofqdns-proxy-response-max-delay='100ms'" subsys=daemon level=info msg=" --trace-payloadlen='128'" subsys=daemon level=info msg=" --trace-sock='true'" subsys=daemon level=info msg=" --tunnel=''" subsys=daemon level=info msg=" --tunnel-port='6082'" subsys=daemon level=info msg=" --tunnel-protocol='geneve'" subsys=daemon level=info msg=" --unmanaged-pod-watcher-interval='15'" subsys=daemon level=info msg=" --use-cilium-internal-ip-for-ipsec='false'" subsys=daemon level=info msg=" --version='false'" subsys=daemon level=info msg=" --vlan-bpf-bypass=''" subsys=daemon level=info msg=" --vtep-cidr=''" subsys=daemon level=info msg=" --vtep-endpoint=''" subsys=daemon level=info msg=" --vtep-mac=''" subsys=daemon level=info msg=" --vtep-mask=''" subsys=daemon level=info msg=" --wireguard-encapsulate='false'" subsys=daemon level=info msg=" --write-cni-conf-when-ready='/host/etc/cni/net.d/05-cilium.conflist'" subsys=daemon level=info msg=" _ _ _" subsys=daemon level=info msg=" ___|_| |_|_ _ _____" subsys=daemon level=info msg="| _| | | | | | |" subsys=daemon level=info msg="|___|_|_|_|___|_|_|_|" subsys=daemon level=info msg="Cilium 1.14.8 cf6e022e 2024-03-13T12:23:35-04:00 go version go1.21.8 linux/amd64" subsys=daemon level=info msg="clang (10.0.0) and kernel (5.15.0) versions: OK!" subsys=linux-datapath level=info msg="linking environment: OK!" subsys=linux-datapath level=info msg="Kernel config file not found: if the agent fails to start, check the system requirements at https://docs.cilium.io/en/stable/operations/system_requirements" subsys=probes level=info msg="Detected mounted BPF filesystem at /sys/fs/bpf" subsys=bpf level=info msg="Mounted cgroupv2 filesystem at /run/cilium/cgroupv2" subsys=cgroups level=info msg="Parsing base label prefixes from default label list" subsys=labels-filter level=info msg="Parsing additional label prefixes from user inputs: []" subsys=labels-filter level=info msg="Final label prefixes to be used for identity evaluation:" subsys=labels-filter level=info msg=" - reserved:.*" subsys=labels-filter level=info msg=" - :io\\.kubernetes\\.pod\\.namespace" subsys=labels-filter level=info msg=" - :io\\.cilium\\.k8s\\.namespace\\.labels" subsys=labels-filter level=info msg=" - :app\\.kubernetes\\.io" subsys=labels-filter level=info msg=" - !:io\\.kubernetes" subsys=labels-filter level=info msg=" - !:kubernetes\\.io" subsys=labels-filter level=info msg=" - !:.*beta\\.kubernetes\\.io" subsys=labels-filter level=info msg=" - !:k8s\\.io" subsys=labels-filter level=info msg=" - !:pod-template-generation" subsys=labels-filter level=info msg=" - !:pod-template-hash" subsys=labels-filter level=info msg=" - !:controller-revision-hash" subsys=labels-filter level=info msg=" - !:annotation.*" subsys=labels-filter level=info msg=" - !:etcd_node" subsys=labels-filter level=info msg=Invoked duration=1.067539ms function="pprof.glob..func1 (cell.go:50)" subsys=hive level=info msg=Invoked duration="60.322µs" function="gops.registerGopsHooks (cell.go:38)" subsys=hive level=info msg=Invoked duration=1.09883ms function="metrics.NewRegistry (registry.go:65)" subsys=hive level=info msg=Invoked duration="4.691µs" function="metrics.glob..func1 (cell.go:12)" subsys=hive level=info msg="Spire Delegate API Client is disabled as no socket path is configured" subsys=spire-delegate level=info msg="Mutual authentication handler is disabled as no port is configured" subsys=auth level=info msg=Invoked duration=100.104889ms function="cmd.glob..func4 (daemon_main.go:1607)" subsys=hive level=info msg=Invoked duration="9.41µs" function="gc.registerSignalHandler (cell.go:47)" subsys=hive level=info msg=Invoked duration="15.2µs" function="utime.initUtimeSync (cell.go:29)" subsys=hive level=info msg=Invoked duration="47.141µs" function="agentliveness.newAgentLivenessUpdater (agent_liveness.go:43)" subsys=hive level=info msg=Invoked duration="52.231µs" function="l2responder.NewL2ResponderReconciler (l2responder.go:63)" subsys=hive level=info msg=Invoked duration="62.161µs" function="garp.newGARPProcessor (processor.go:27)" subsys=hive level=info msg=Starting subsys=hive level=info msg="Started gops server" address="127.0.0.1:9890" subsys=gops level=info msg="Start hook executed" duration="367.59µs" function="gops.registerGopsHooks.func1 (cell.go:43)" subsys=hive level=info msg="Start hook executed" duration="1.43µs" function="metrics.NewRegistry.func1 (registry.go:86)" subsys=hive level=info msg="Establishing connection to apiserver" host="https://10.96.0.1:443" subsys=k8s-client level=info msg="Serving prometheus metrics on :9962" subsys=metrics level=info msg="Connected to apiserver" subsys=k8s-client level=info msg="Start hook executed" duration=7.746725ms function="client.(*compositeClientset).onStart" subsys=hive level=info msg="Start hook executed" duration=8.408573ms function="authmap.newAuthMap.func1 (cell.go:27)" subsys=hive level=info msg="Start hook executed" duration="27.7µs" function="configmap.newMap.func1 (cell.go:23)" subsys=hive level=info msg="Start hook executed" duration="28.57µs" function="signalmap.newMap.func1 (cell.go:44)" subsys=hive level=info msg="Start hook executed" duration="158.204µs" function="nodemap.newNodeMap.func1 (cell.go:23)" subsys=hive level=info msg="Start hook executed" duration="71.132µs" function="eventsmap.newEventsMap.func1 (cell.go:35)" subsys=hive level=info msg="Start hook executed" duration="50.341µs" function="*cni.cniConfigManager.Start" subsys=hive level=info msg="Generating CNI configuration file with mode none" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Wrote CNI configuration file to /host/etc/cni/net.d/05-cilium.conflist" subsys=cni-config level=info msg="Generating CNI configuration file with mode none" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Generating CNI configuration file with mode none" subsys=cni-config level=info msg="Start hook executed" duration=43.838893ms function="datapath.newDatapath.func1 (cells.go:113)" subsys=hive level=info msg="Restored 0 node IDs from the BPF map" subsys=linux-datapath level=info msg="Start hook executed" duration="99.773µs" function="datapath.newDatapath.func2 (cells.go:126)" subsys=hive level=info msg="Start hook executed" duration="35.991µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Node].Start" subsys=hive level=info msg="Start hook executed" duration="3.341µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2.CiliumNode].Start" subsys=hive level=info msg="Using autogenerated IPv4 allocation range" subsys=node v4Prefix=10.77.0.0/16 level=info msg="no local ciliumnode found, will not restore cilium internal ips from k8s" subsys=daemon level=info msg="Start hook executed" duration=103.829171ms function="node.NewLocalNodeStore.func1 (local_node_store.go:76)" subsys=hive level=info msg="Start hook executed" duration="13.801µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Service].Start" subsys=hive level=info msg="Start hook executed" duration=201.875973ms function="*manager.diffStore[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Service].Start" subsys=hive level=info msg="Start hook executed" duration="4.18µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s.Endpoints].Start" subsys=hive level=info msg="Using discoveryv1.EndpointSlice" subsys=k8s level=info msg="Start hook executed" duration=100.18771ms function="*manager.diffStore[*github.com/cilium/cilium/pkg/k8s.Endpoints].Start" subsys=hive level=info msg="Start hook executed" duration="2.52µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Pod].Start" subsys=hive level=info msg="Start hook executed" duration="9.721µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Namespace].Start" subsys=hive level=info msg="Start hook executed" duration="1.14µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2.CiliumNetworkPolicy].Start" subsys=hive level=info msg="Start hook executed" duration="3.04µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2.CiliumClusterwideNetworkPolicy].Start" subsys=hive level=info msg="Start hook executed" duration="1.35µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1.CiliumCIDRGroup].Start" subsys=hive level=info msg="Start hook executed" duration="17.761µs" function="endpointmanager.newDefaultEndpointManager.func1 (cell.go:203)" subsys=hive level=info msg="Start hook executed" duration="17µs" function="cmd.newPolicyTrifecta.func1 (policy.go:135)" subsys=hive level=info msg="Start hook executed" duration="48.161µs" function="*manager.manager.Start" subsys=hive level=info msg="Serving cilium node monitor v1.2 API at unix:///var/run/cilium/monitor1_2.sock" subsys=monitor-agent level=info msg="Start hook executed" duration="352.319µs" function="agent.newMonitorAgent.func1 (cell.go:61)" subsys=hive level=info msg="Start hook executed" duration="4.8µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1.CiliumL2AnnouncementPolicy].Start" subsys=hive level=info msg="Start hook executed" duration="16.19µs" function="*job.group.Start" subsys=hive level=info msg="Envoy: Starting xDS gRPC server listening on /var/run/cilium/envoy/sockets/xds.sock" subsys=envoy-manager level=info msg="Start hook executed" duration="257.737µs" function="proxy.newProxy.func1 (cell.go:55)" subsys=hive level=info msg="Start hook executed" duration="381µs" function="signal.provideSignalManager.func1 (cell.go:25)" subsys=hive level=info msg="Datapath signal listener running" subsys=signal level=info msg="Start hook executed" duration=1.305546ms function="auth.registerAuthManager.func1 (cell.go:109)" subsys=hive level=info msg="Start hook executed" duration="4.12µs" function="auth.registerGCJobs.func1 (cell.go:158)" subsys=hive level=info msg="Start hook executed" duration="19.741µs" function="*job.group.Start" subsys=hive level=warning msg="Deprecated value for --kube-proxy-replacement: disabled (use either \"true\", or \"false\")" subsys=daemon level=info msg="Auto-disabling \"enable-node-port\", \"enable-external-ips\", \"bpf-lb-sock\", \"enable-host-port\" features and falling back to \"enable-host-legacy-routing\"" subsys=daemon level=info msg="Inheriting MTU from external network interface" device=ens3 ipAddr=199.204.45.77 mtu=1500 subsys=mtu level=info msg="Removed map pin at /sys/fs/bpf/tc/globals/cilium_ipcache, recreating and re-pinning map cilium_ipcache" file-path=/sys/fs/bpf/tc/globals/cilium_ipcache name=cilium_ipcache subsys=bpf level=info msg="Removed map pin at /sys/fs/bpf/tc/globals/cilium_tunnel_map, recreating and re-pinning map cilium_tunnel_map" file-path=/sys/fs/bpf/tc/globals/cilium_tunnel_map name=cilium_tunnel_map subsys=bpf level=info msg="Restored services from maps" failedServices=0 restoredServices=0 subsys=service level=info msg="Restored backends from maps" failedBackends=0 restoredBackends=0 skippedBackends=0 subsys=service level=info msg="Reading old endpoints..." subsys=daemon level=info msg="No old endpoints found." subsys=daemon level=info msg="Waiting until all Cilium CRDs are available" subsys=k8s level=info msg="All Cilium CRDs have been found and are available" subsys=k8s level=info msg="Creating or updating CiliumNode resource" node=instance subsys=nodediscovery level=info msg="Creating or updating CiliumNode resource" node=instance subsys=nodediscovery level=warning msg="Unable to get node resource" error="ciliumnodes.cilium.io \"instance\" not found" subsys=nodediscovery level=warning msg="Unable to get node resource" error="ciliumnodes.cilium.io \"instance\" not found" subsys=nodediscovery level=info msg="Successfully created CiliumNode resource" subsys=nodediscovery level=warning msg="Unable to create CiliumNode resource, will retry" error="ciliumnodes.cilium.io \"instance\" already exists" subsys=nodediscovery level=info msg="Retrieved node information from cilium node" nodeName=instance subsys=k8s level=info msg="Received own node information from API server" ipAddr.ipv4=199.204.45.77 ipAddr.ipv6="" k8sNodeIP=199.204.45.77 labels="map[beta.kubernetes.io/arch:amd64 beta.kubernetes.io/os:linux kubernetes.io/arch:amd64 kubernetes.io/hostname:instance kubernetes.io/os:linux node-role.kubernetes.io/control-plane: node.kubernetes.io/exclude-from-external-load-balancers:]" nodeName=instance subsys=k8s v4Prefix=10.0.0.0/24 v6Prefix="" level=info msg="k8s mode: Allowing localhost to reach local endpoints" subsys=daemon level=info msg="Detected devices" devices="[]" subsys=linux-datapath level=info msg="Enabling k8s event listener" subsys=k8s-watcher level=info msg="Removing stale endpoint interfaces" subsys=daemon level=info msg="Skipping kvstore configuration" subsys=daemon level=info msg="Waiting until local node addressing before starting watchers depending on it" subsys=k8s-watcher level=info msg="Initializing node addressing" subsys=daemon level=info msg="Initializing cluster-pool IPAM" subsys=ipam v4Prefix=10.0.0.0/24 v6Prefix="" level=info msg="Restoring endpoints..." subsys=daemon level=info msg="Endpoints restored" failed=0 restored=0 subsys=daemon level=info msg="Addressing information:" subsys=daemon level=info msg=" Cluster-Name: default" subsys=daemon level=info msg=" Cluster-ID: 0" subsys=daemon level=info msg=" Local node-name: instance" subsys=daemon level=info msg=" Node-IPv6: " subsys=daemon level=info msg=" External-Node IPv4: 199.204.45.77" subsys=daemon level=info msg=" Internal-Node IPv4: 10.0.0.70" subsys=daemon level=info msg=" IPv4 allocation prefix: 10.0.0.0/24" subsys=daemon level=info msg=" Loopback IPv4: 169.254.42.1" subsys=daemon level=info msg=" Local IPv4 addresses:" subsys=daemon level=info msg=" - 199.204.45.77" subsys=daemon level=info msg=" - 172.17.0.100" subsys=daemon level=info msg="Node updated" clusterName=default nodeName=instance subsys=nodemanager level=info msg="Creating or updating CiliumNode resource" node=instance subsys=nodediscovery level=info msg="Adding local node to cluster" node="{instance default [{InternalIP 199.204.45.77} {CiliumInternalIP 10.0.0.70}] 10.0.0.0/24 [] [] 10.0.0.137 0 local 0 map[beta.kubernetes.io/arch:amd64 beta.kubernetes.io/os:linux kubernetes.io/arch:amd64 kubernetes.io/hostname:instance kubernetes.io/os:linux node-role.kubernetes.io/control-plane: node.kubernetes.io/exclude-from-external-load-balancers:] map[] 1 }" subsys=nodediscovery level=info msg="Waiting until all pre-existing resources have been received" subsys=k8s-watcher level=info msg="Initializing identity allocator" subsys=identity-cache level=info msg="Allocating identities between range" cluster-id=0 max=65535 min=256 subsys=identity-cache level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.forwarding sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.rp_filter sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.accept_local sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.send_redirects sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.forwarding sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.rp_filter sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.accept_local sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.send_redirects sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.core.bpf_jit_enable sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.all.rp_filter sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.fib_multipath_use_neigh sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=kernel.unprivileged_bpf_disabled sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=kernel.timer_migration sysParamValue=0 level=info msg="Setting up BPF datapath" bpfClockSource=ktime bpfInsnSet="" subsys=datapath-loader level=info msg="Iptables rules installed" subsys=iptables level=info msg="Adding new proxy port rules for cilium-dns-egress:38465" id=cilium-dns-egress subsys=proxy level=info msg="Iptables proxy rules installed" subsys=iptables level=info msg="Start hook executed" duration=2.598236105s function="cmd.newDaemonPromise.func1 (daemon_main.go:1663)" subsys=hive level=info msg="Starting IP identity watcher" subsys=ipcache level=info msg="Initializing daemon" subsys=daemon level=info msg="Validating configured node address ranges" subsys=daemon level=info msg="Start hook executed" duration="12.661µs" function="utime.initUtimeSync.func1 (cell.go:33)" subsys=hive level=info msg="Start hook executed" duration="9.391µs" function="*job.group.Start" subsys=hive level=info msg="Starting connection tracking garbage collector" subsys=daemon level=info msg="Start hook executed" duration="44.791µs" function="l2respondermap.newMap.func1 (l2_responder_map4.go:44)" subsys=hive level=info msg="Start hook executed" duration="2.88µs" function="*job.group.Start" subsys=hive level=info msg="Initial scan of connection tracking completed" subsys=ct-gc level=info msg="Regenerating restored endpoints" numRestored=0 subsys=daemon level=info msg="Creating host endpoint" subsys=daemon level=info msg="Finished regenerating restored endpoints" regenerated=0 subsys=daemon total=0 level=info msg="Deleted orphan backends" orphanBackends=0 subsys=service level=info msg="New endpoint" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=652 ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=652 identityLabels="k8s:node-role.kubernetes.io/control-plane,k8s:node.kubernetes.io/exclude-from-external-load-balancers,reserved:host" ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="Identity of endpoint changed" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=652 identity=1 identityLabels="k8s:node-role.kubernetes.io/control-plane,k8s:node.kubernetes.io/exclude-from-external-load-balancers,reserved:host" ipv4= ipv6= k8sPodName=/ oldIdentity="no identity" subsys=endpoint level=info msg="Launching Cilium health daemon" subsys=daemon level=info msg="Launching Cilium health endpoint" subsys=daemon level=info msg="Started healthz status API server" address="127.0.0.1:9879" subsys=daemon level=info msg="Processing queued endpoint deletion requests from /var/run/cilium/deleteQueue" subsys=daemon level=info msg="processing 0 queued deletion requests" subsys=daemon level=info msg="Initializing Cilium API" subsys=daemon level=info msg="Daemon initialization completed" bootstrapTime=3.619799024s subsys=daemon level=info msg="Hubble server is disabled" subsys=hubble level=info msg="Serving cilium API at unix:///var/run/cilium/cilium.sock" subsys=daemon level=info msg="Compiled new BPF template" BPFCompilationTime=294.271762ms file-path=/var/run/cilium/state/templates/d472d1ef548d342e73397fa21a7cf821ec941688b906cd507422cc6b3f18eb00/bpf_host.o subsys=datapath-loader level=info msg="Rewrote endpoint BPF program" containerID= datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=652 identity=1 ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="New endpoint" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=735 ipv4=10.0.0.137 ipv6= k8sPodName=/ subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=735 identityLabels="reserved:health" ipv4=10.0.0.137 ipv6= k8sPodName=/ subsys=endpoint level=info msg="Identity of endpoint changed" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=735 identity=4 identityLabels="reserved:health" ipv4=10.0.0.137 ipv6= k8sPodName=/ oldIdentity="no identity" subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.220 9fa72f21-b5a7-4f6a-a8d8-e50d186e22c2 default }" containerID=773700afafbc19ab6f04de09280955e334cfcc91f6d0966850875e371ce63240 datapathConfiguration="&{false false false false false }" interface=lxcc25f5c641ab8 k8sPodName=kube-system/coredns-7c96b6546b-n7t8k labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=773700afaf datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=552 ipv4=10.0.0.220 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-n7t8k subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=773700afaf datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=552 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.220 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-n7t8k subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:kube-system]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Invalid state transition skipped" containerID=773700afaf datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=552 endpointState.from=waiting-for-identity endpointState.to=waiting-to-regenerate file=/go/src/github.com/cilium/cilium/pkg/endpoint/policy.go ipv4=10.0.0.220 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-n7t8k line=611 subsys=endpoint level=info msg="Allocated new global key" key="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=coredns;k8s:io.kubernetes.pod.namespace=kube-system;k8s:k8s-app=kube-dns;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=773700afaf datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=552 identity=8541 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.220 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-n7t8k oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=773700afaf datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=552 identity=8541 ipv4=10.0.0.220 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-n7t8k subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.29 10f07669-10bb-4917-9a1d-e5e3466e55da default }" containerID=7ad8803d4d00e87f482d745dd913466a4cee9b7f3ce8fd44ad296d4e2d0e381f datapathConfiguration="&{false false false false false }" interface=lxc6b1406560431 k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-2jw26 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=7ad8803d4d datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=110 ipv4=10.0.0.29 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-2jw26 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=7ad8803d4d datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=110 identityLabels="k8s:app=certgen,k8s:batch.kubernetes.io/controller-uid=124fb09b-bc2c-49fa-ac63-79575a139a25,k8s:batch.kubernetes.io/job-name=envoy-gateway-gateway-helm-certgen,k8s:controller-uid=124fb09b-bc2c-49fa-ac63-79575a139a25,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system,k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway-gateway-helm-certgen,k8s:io.kubernetes.pod.namespace=envoy-gateway-system,k8s:job-name=envoy-gateway-gateway-helm-certgen" ipv4=10.0.0.29 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-2jw26 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:envoy-gateway-system k8s:io.cilium.k8s.namespace.labels.name:envoy-gateway-system]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app=certgen;k8s:batch.kubernetes.io/controller-uid=124fb09b-bc2c-49fa-ac63-79575a139a25;k8s:batch.kubernetes.io/job-name=envoy-gateway-gateway-helm-certgen;k8s:controller-uid=124fb09b-bc2c-49fa-ac63-79575a139a25;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system;k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway-gateway-helm-certgen;k8s:io.kubernetes.pod.namespace=envoy-gateway-system;k8s:job-name=envoy-gateway-gateway-helm-certgen;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=7ad8803d4d datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=110 identity=2402 identityLabels="k8s:app=certgen,k8s:batch.kubernetes.io/controller-uid=124fb09b-bc2c-49fa-ac63-79575a139a25,k8s:batch.kubernetes.io/job-name=envoy-gateway-gateway-helm-certgen,k8s:controller-uid=124fb09b-bc2c-49fa-ac63-79575a139a25,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system,k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway-gateway-helm-certgen,k8s:io.kubernetes.pod.namespace=envoy-gateway-system,k8s:job-name=envoy-gateway-gateway-helm-certgen" ipv4=10.0.0.29 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-2jw26 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=7ad8803d4d datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=110 identity=2402 ipv4=10.0.0.29 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-2jw26 subsys=endpoint level=info msg="Serving cilium health API at unix:///var/run/cilium/health.sock" subsys=health-server level=info msg="Compiled new BPF template" BPFCompilationTime=1.127210728s file-path=/var/run/cilium/state/templates/ba422c32f81e530c6469da8537e3fcca200c1faf374bc79dc1be0105f3cd0627/bpf_lxc.o subsys=datapath-loader level=info msg="Rewrote endpoint BPF program" containerID= datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=735 identity=4 ipv4=10.0.0.137 ipv6= k8sPodName=/ subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=7ad8803d4d datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=110 identity=2402 ipv4=10.0.0.29 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-2jw26 subsys=endpoint level=info msg="Successful endpoint creation" containerID=7ad8803d4d datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=110 identity=2402 ipv4=10.0.0.29 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-2jw26 subsys=daemon level=info msg="Rewrote endpoint BPF program" containerID=773700afaf datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=552 identity=8541 ipv4=10.0.0.220 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-n7t8k subsys=endpoint level=info msg="Successful endpoint creation" containerID=773700afaf datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=552 identity=8541 ipv4=10.0.0.220 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-n7t8k subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=7ad8803d4d endpointID=110 k8sNamespace=envoy-gateway-system k8sPodName=envoy-gateway-gateway-helm-certgen-2jw26 subsys=daemon level=info msg="Releasing key" key="[k8s:app=certgen k8s:batch.kubernetes.io/controller-uid=124fb09b-bc2c-49fa-ac63-79575a139a25 k8s:batch.kubernetes.io/job-name=envoy-gateway-gateway-helm-certgen k8s:controller-uid=124fb09b-bc2c-49fa-ac63-79575a139a25 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway-gateway-helm-certgen k8s:io.kubernetes.pod.namespace=envoy-gateway-system k8s:job-name=envoy-gateway-gateway-helm-certgen]" subsys=allocator level=info msg="Removed endpoint" containerID=7ad8803d4d datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=110 identity=2402 ipv4=10.0.0.29 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-2jw26 subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.200 383edb48-2df0-414d-8404-a97ed1b493be default }" containerID=89176af8dfe8c52c8257356fbccd4d871f7b3ab07bc3c9b50b995fd3311565d1 datapathConfiguration="&{false false false false false }" interface=lxcc2a02619366b k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-gktnl labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=89176af8df datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1995 ipv4=10.0.0.200 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-gktnl subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=89176af8df datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1995 identityLabels="k8s:app.kubernetes.io/instance=envoy-gateway,k8s:app.kubernetes.io/name=gateway-helm,k8s:control-plane=envoy-gateway,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system,k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway,k8s:io.kubernetes.pod.namespace=envoy-gateway-system" ipv4=10.0.0.200 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-gktnl subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:envoy-gateway-system k8s:io.cilium.k8s.namespace.labels.name:envoy-gateway-system]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/instance=envoy-gateway;k8s:app.kubernetes.io/name=gateway-helm;k8s:control-plane=envoy-gateway;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system;k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway;k8s:io.kubernetes.pod.namespace=envoy-gateway-system;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=89176af8df datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1995 identity=9876 identityLabels="k8s:app.kubernetes.io/instance=envoy-gateway,k8s:app.kubernetes.io/name=gateway-helm,k8s:control-plane=envoy-gateway,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system,k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway,k8s:io.kubernetes.pod.namespace=envoy-gateway-system" ipv4=10.0.0.200 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-gktnl oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=89176af8df datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1995 identity=9876 ipv4=10.0.0.200 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-gktnl subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=89176af8df datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=1995 identity=9876 ipv4=10.0.0.200 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-gktnl subsys=endpoint level=info msg="Successful endpoint creation" containerID=89176af8df datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=1995 identity=9876 ipv4=10.0.0.200 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-gktnl subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Resolving identity labels (blocking)" containerID= datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=652 identity=1 identityLabels="k8s:node-role.kubernetes.io/control-plane,k8s:node.kubernetes.io/exclude-from-external-load-balancers,k8s:openstack-compute-node=enabled,k8s:openstack-control-plane=enabled,k8s:openvswitch=enabled,reserved:host" ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="Creating or updating CiliumNode resource" node=instance subsys=nodediscovery level=info msg="Re-pinning map with ':pending' suffix" bpfMapName=cilium_calls_hostns_00652 bpfMapPath=/sys/fs/bpf/tc/globals/cilium_calls_hostns_00652 subsys=bpf level=info msg="Unpinning map after successful recreation" bpfMapName=cilium_calls_hostns_00652 bpfMapPath="/sys/fs/bpf/tc/globals/cilium_calls_hostns_00652:pending" subsys=bpf level=info msg="Re-pinning map with ':pending' suffix" bpfMapName=cilium_calls_netdev_00003 bpfMapPath=/sys/fs/bpf/tc/globals/cilium_calls_netdev_00003 subsys=bpf level=info msg="Unpinning map after successful recreation" bpfMapName=cilium_calls_netdev_00003 bpfMapPath="/sys/fs/bpf/tc/globals/cilium_calls_netdev_00003:pending" subsys=bpf level=info msg="Rewrote endpoint BPF program" containerID= datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=652 identity=1 ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.78 21a80921-2219-4d80-aac4-78d38fe2f3e6 default }" containerID=0f0d43343af4dbd532c26530344ce7ad320d636e96eb623587abb81cfbc5e5df datapathConfiguration="&{false false false false false }" interface=lxc178fcb86ae81 k8sPodName=kube-system/coredns-67659f764b-lb4n2 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=0f0d43343a datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3768 ipv4=10.0.0.78 ipv6= k8sPodName=kube-system/coredns-67659f764b-lb4n2 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=0f0d43343a datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3768 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.78 ipv6= k8sPodName=kube-system/coredns-67659f764b-lb4n2 subsys=endpoint level=info msg="Identity of endpoint changed" containerID=0f0d43343a datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3768 identity=8541 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.78 ipv6= k8sPodName=kube-system/coredns-67659f764b-lb4n2 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=0f0d43343a datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3768 identity=8541 ipv4=10.0.0.78 ipv6= k8sPodName=kube-system/coredns-67659f764b-lb4n2 subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.185 0af6abcc-a2ba-47a8-9f2f-4360a840c6bb default }" containerID=beffa2b37779dfa8d8449919bdaf70827b12af05d33bb3e9ae095f31ba961e79 datapathConfiguration="&{false false false false false }" interface=lxc3037ef7f574d k8sPodName=kube-system/coredns-67659f764b-gsbb8 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=beffa2b377 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1952 ipv4=10.0.0.185 ipv6= k8sPodName=kube-system/coredns-67659f764b-gsbb8 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=beffa2b377 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1952 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.185 ipv6= k8sPodName=kube-system/coredns-67659f764b-gsbb8 subsys=endpoint level=info msg="Identity of endpoint changed" containerID=beffa2b377 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1952 identity=8541 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.185 ipv6= k8sPodName=kube-system/coredns-67659f764b-gsbb8 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=beffa2b377 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1952 identity=8541 ipv4=10.0.0.185 ipv6= k8sPodName=kube-system/coredns-67659f764b-gsbb8 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=0f0d43343a datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=3768 identity=8541 ipv4=10.0.0.78 ipv6= k8sPodName=kube-system/coredns-67659f764b-lb4n2 subsys=endpoint level=info msg="Successful endpoint creation" containerID=0f0d43343a datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=3768 identity=8541 ipv4=10.0.0.78 ipv6= k8sPodName=kube-system/coredns-67659f764b-lb4n2 subsys=daemon level=info msg="Rewrote endpoint BPF program" containerID=beffa2b377 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=1952 identity=8541 ipv4=10.0.0.185 ipv6= k8sPodName=kube-system/coredns-67659f764b-gsbb8 subsys=endpoint level=info msg="Successful endpoint creation" containerID=beffa2b377 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=1952 identity=8541 ipv4=10.0.0.185 ipv6= k8sPodName=kube-system/coredns-67659f764b-gsbb8 subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.138 c0162fc6-a8a0-4ee7-94cc-2a6074e23531 default }" containerID=5836c7e588f27d99949beb727196cceb4de5c039b995e43661fd883353b6ce5b datapathConfiguration="&{false false false false false }" interface=lxcec8e667a4d4e k8sPodName=local-path-storage/local-path-provisioner-679c578f5-vgzj5 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=5836c7e588 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1789 ipv4=10.0.0.138 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-vgzj5 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=5836c7e588 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1789 identityLabels="k8s:app.kubernetes.io/instance=local-path-provisioner,k8s:app.kubernetes.io/name=local-path-provisioner,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage,k8s:io.cilium.k8s.namespace.labels.name=local-path-storage,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner,k8s:io.kubernetes.pod.namespace=local-path-storage" ipv4=10.0.0.138 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-vgzj5 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:local-path-storage k8s:io.cilium.k8s.namespace.labels.name:local-path-storage]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/instance=local-path-provisioner;k8s:app.kubernetes.io/name=local-path-provisioner;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage;k8s:io.cilium.k8s.namespace.labels.name=local-path-storage;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner;k8s:io.kubernetes.pod.namespace=local-path-storage;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=5836c7e588 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1789 identity=27831 identityLabels="k8s:app.kubernetes.io/instance=local-path-provisioner,k8s:app.kubernetes.io/name=local-path-provisioner,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage,k8s:io.cilium.k8s.namespace.labels.name=local-path-storage,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner,k8s:io.kubernetes.pod.namespace=local-path-storage" ipv4=10.0.0.138 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-vgzj5 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=5836c7e588 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1789 identity=27831 ipv4=10.0.0.138 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-vgzj5 subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=5836c7e588 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=1789 identity=27831 ipv4=10.0.0.138 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-vgzj5 subsys=endpoint level=info msg="Successful endpoint creation" containerID=5836c7e588 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=1789 identity=27831 ipv4=10.0.0.138 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-vgzj5 subsys=daemon level=info msg="Delete endpoint request" containerID=773700afaf endpointID=552 k8sNamespace=kube-system k8sPodName=coredns-7c96b6546b-n7t8k subsys=daemon level=info msg="Releasing key" key="[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=coredns k8s:io.kubernetes.pod.namespace=kube-system k8s:k8s-app=kube-dns]" subsys=allocator level=info msg="Removed endpoint" containerID=773700afaf datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=552 identity=8541 ipv4=10.0.0.220 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-n7t8k subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.224 7ad5de0a-7b46-4640-91aa-e33423192cf4 default }" containerID=f49e5cc645465a4b74c75f95613a8585421ab33bd0f190e4653517fe5ce8f881 datapathConfiguration="&{false false false false false }" interface=lxcd76fbead3124 k8sPodName=cert-manager/cert-manager-webhook-548949fc64-2tcxd labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=f49e5cc645 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1270 ipv4=10.0.0.224 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-2tcxd subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=f49e5cc645 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1270 identityLabels="k8s:app.kubernetes.io/component=webhook,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=webhook,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=webhook,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-webhook,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.224 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-2tcxd subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:cert-manager k8s:io.cilium.k8s.namespace.labels.name:cert-manager]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app=webhook;k8s:app.kubernetes.io/component=webhook;k8s:app.kubernetes.io/instance=cert-manager;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=webhook;k8s:app.kubernetes.io/version=v1.11.5;k8s:helm.sh/chart=cert-manager-v1.11.5;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager;k8s:io.cilium.k8s.namespace.labels.name=cert-manager;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-webhook;k8s:io.kubernetes.pod.namespace=cert-manager;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=f49e5cc645 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1270 identity=22128 identityLabels="k8s:app.kubernetes.io/component=webhook,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=webhook,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=webhook,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-webhook,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.224 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-2tcxd oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=f49e5cc645 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1270 identity=22128 ipv4=10.0.0.224 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-2tcxd subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Create endpoint request" addressing="&{10.0.0.1 47f8a0da-150b-4f09-93f4-2d001d4f86ab default }" containerID=4ab4ae00cf1467797fcfe904d0805aeb591dcf15285eb49addd34d722229c4d5 datapathConfiguration="&{false false false false false }" interface=lxc467d767201fd k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jjjpx labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=4ab4ae00cf datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=933 ipv4=10.0.0.1 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jjjpx subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=4ab4ae00cf datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=933 identityLabels="k8s:app.kubernetes.io/component=cainjector,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=cainjector,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=cainjector,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-cainjector,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.1 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jjjpx subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:cert-manager k8s:io.cilium.k8s.namespace.labels.name:cert-manager]" subsys=crd-allocator level=info msg="Create endpoint request" addressing="&{10.0.0.177 2b47343e-2046-4042-9a7f-a687dab30caf default }" containerID=ad352a4724e6c2ed9c059e6ea40f5817e1721ebcca28d7df8575fcbc816222c2 datapathConfiguration="&{false false false false false }" interface=lxc19ce3ab21b30 k8sPodName=cert-manager/cert-manager-75c4c745bc-9q696 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=ad352a4724 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=54 ipv4=10.0.0.177 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-9q696 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=ad352a4724 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=54 identityLabels="k8s:app.kubernetes.io/component=controller,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=cert-manager,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=cert-manager,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.177 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-9q696 subsys=endpoint level=info msg="Allocated new global key" key="k8s:app=cainjector;k8s:app.kubernetes.io/component=cainjector;k8s:app.kubernetes.io/instance=cert-manager;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=cainjector;k8s:app.kubernetes.io/version=v1.11.5;k8s:helm.sh/chart=cert-manager-v1.11.5;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager;k8s:io.cilium.k8s.namespace.labels.name=cert-manager;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-cainjector;k8s:io.kubernetes.pod.namespace=cert-manager;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=4ab4ae00cf datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=933 identity=4055 identityLabels="k8s:app.kubernetes.io/component=cainjector,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=cainjector,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=cainjector,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-cainjector,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.1 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jjjpx oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=4ab4ae00cf datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=933 identity=4055 ipv4=10.0.0.1 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jjjpx subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:cert-manager k8s:io.cilium.k8s.namespace.labels.name:cert-manager]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app=cert-manager;k8s:app.kubernetes.io/component=controller;k8s:app.kubernetes.io/instance=cert-manager;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=cert-manager;k8s:app.kubernetes.io/version=v1.11.5;k8s:helm.sh/chart=cert-manager-v1.11.5;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager;k8s:io.cilium.k8s.namespace.labels.name=cert-manager;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=cert-manager;k8s:io.kubernetes.pod.namespace=cert-manager;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=ad352a4724 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=54 identity=17254 identityLabels="k8s:app.kubernetes.io/component=controller,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=cert-manager,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=cert-manager,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.177 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-9q696 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=ad352a4724 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=54 identity=17254 ipv4=10.0.0.177 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-9q696 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=f49e5cc645 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=1270 identity=22128 ipv4=10.0.0.224 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-2tcxd subsys=endpoint level=info msg="Successful endpoint creation" containerID=f49e5cc645 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=1270 identity=22128 ipv4=10.0.0.224 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-2tcxd subsys=daemon level=info msg="Rewrote endpoint BPF program" containerID=ad352a4724 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=54 identity=17254 ipv4=10.0.0.177 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-9q696 subsys=endpoint level=info msg="Successful endpoint creation" containerID=ad352a4724 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=54 identity=17254 ipv4=10.0.0.177 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-9q696 subsys=daemon level=info msg="Rewrote endpoint BPF program" containerID=4ab4ae00cf datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=933 identity=4055 ipv4=10.0.0.1 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jjjpx subsys=endpoint level=info msg="Successful endpoint creation" containerID=4ab4ae00cf datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=933 identity=4055 ipv4=10.0.0.1 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jjjpx subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.44 d6d3be5a-b748-4a77-8777-831b5a37b0fa default }" containerID=1fa373257f55263612af922581a0947a4854e150108b190c0eb1b8f0283dd580 datapathConfiguration="&{false false false false false }" interface=lxc5ae97f247bfa k8sPodName=cert-manager/cert-manager-startupapicheck-8v72n labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=1fa373257f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=997 ipv4=10.0.0.44 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-8v72n subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=1fa373257f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=997 identityLabels="k8s:app.kubernetes.io/component=startupapicheck,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=startupapicheck,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=startupapicheck,k8s:batch.kubernetes.io/controller-uid=cf371699-69bf-4eba-9969-c6e443a77c33,k8s:batch.kubernetes.io/job-name=cert-manager-startupapicheck,k8s:controller-uid=cf371699-69bf-4eba-9969-c6e443a77c33,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-startupapicheck,k8s:io.kubernetes.pod.namespace=cert-manager,k8s:job-name=cert-manager-startupapicheck" ipv4=10.0.0.44 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-8v72n subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:cert-manager k8s:io.cilium.k8s.namespace.labels.name:cert-manager]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app=startupapicheck;k8s:app.kubernetes.io/component=startupapicheck;k8s:app.kubernetes.io/instance=cert-manager;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=startupapicheck;k8s:app.kubernetes.io/version=v1.11.5;k8s:batch.kubernetes.io/controller-uid=cf371699-69bf-4eba-9969-c6e443a77c33;k8s:batch.kubernetes.io/job-name=cert-manager-startupapicheck;k8s:controller-uid=cf371699-69bf-4eba-9969-c6e443a77c33;k8s:helm.sh/chart=cert-manager-v1.11.5;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager;k8s:io.cilium.k8s.namespace.labels.name=cert-manager;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-startupapicheck;k8s:io.kubernetes.pod.namespace=cert-manager;k8s:job-name=cert-manager-startupapicheck;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=1fa373257f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=997 identity=4775 identityLabels="k8s:app.kubernetes.io/component=startupapicheck,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=startupapicheck,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=startupapicheck,k8s:batch.kubernetes.io/controller-uid=cf371699-69bf-4eba-9969-c6e443a77c33,k8s:batch.kubernetes.io/job-name=cert-manager-startupapicheck,k8s:controller-uid=cf371699-69bf-4eba-9969-c6e443a77c33,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-startupapicheck,k8s:io.kubernetes.pod.namespace=cert-manager,k8s:job-name=cert-manager-startupapicheck" ipv4=10.0.0.44 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-8v72n oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=1fa373257f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=997 identity=4775 ipv4=10.0.0.44 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-8v72n subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=1fa373257f datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=997 identity=4775 ipv4=10.0.0.44 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-8v72n subsys=endpoint level=info msg="Successful endpoint creation" containerID=1fa373257f datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=997 identity=4775 ipv4=10.0.0.44 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-8v72n subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=1fa373257f endpointID=997 k8sNamespace=cert-manager k8sPodName=cert-manager-startupapicheck-8v72n subsys=daemon level=info msg="Releasing key" key="[k8s:app=startupapicheck k8s:app.kubernetes.io/component=startupapicheck k8s:app.kubernetes.io/instance=cert-manager k8s:app.kubernetes.io/managed-by=Helm k8s:app.kubernetes.io/name=startupapicheck k8s:app.kubernetes.io/version=v1.11.5 k8s:batch.kubernetes.io/controller-uid=cf371699-69bf-4eba-9969-c6e443a77c33 k8s:batch.kubernetes.io/job-name=cert-manager-startupapicheck k8s:controller-uid=cf371699-69bf-4eba-9969-c6e443a77c33 k8s:helm.sh/chart=cert-manager-v1.11.5 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager k8s:io.cilium.k8s.namespace.labels.name=cert-manager k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-startupapicheck k8s:io.kubernetes.pod.namespace=cert-manager k8s:job-name=cert-manager-startupapicheck]" subsys=allocator level=info msg="Removed endpoint" containerID=1fa373257f datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=997 identity=4775 ipv4=10.0.0.44 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-8v72n subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.92 c5b0e0c4-bce4-4b5d-94b5-9786fdb1d91a default }" containerID=db9627b53abcfb296ac8d1c8c03afb9cb734038d3e07e767d646768a61b2bdec datapathConfiguration="&{false false false false false }" interface=lxc7ce50e145bb5 k8sPodName=ingress-nginx/ingress-nginx-admission-create-l7svj labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=db9627b53a datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2267 ipv4=10.0.0.92 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-l7svj subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=db9627b53a datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2267 identityLabels="k8s:app.kubernetes.io/component=admission-webhook,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:batch.kubernetes.io/controller-uid=beb277ad-eba2-4f77-a9ba-d827e219d2a1,k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-create,k8s:controller-uid=beb277ad-eba2-4f77-a9ba-d827e219d2a1,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission,k8s:io.kubernetes.pod.namespace=ingress-nginx,k8s:job-name=ingress-nginx-admission-create" ipv4=10.0.0.92 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-l7svj subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:ingress-nginx k8s:io.cilium.k8s.namespace.labels.name:ingress-nginx]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=admission-webhook;k8s:app.kubernetes.io/instance=ingress-nginx;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=ingress-nginx;k8s:app.kubernetes.io/part-of=ingress-nginx;k8s:app.kubernetes.io/version=1.12.1;k8s:batch.kubernetes.io/controller-uid=beb277ad-eba2-4f77-a9ba-d827e219d2a1;k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-create;k8s:controller-uid=beb277ad-eba2-4f77-a9ba-d827e219d2a1;k8s:helm.sh/chart=ingress-nginx-4.12.1;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx;k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission;k8s:io.kubernetes.pod.namespace=ingress-nginx;k8s:job-name=ingress-nginx-admission-create;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=db9627b53a datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2267 identity=45444 identityLabels="k8s:app.kubernetes.io/component=admission-webhook,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:batch.kubernetes.io/controller-uid=beb277ad-eba2-4f77-a9ba-d827e219d2a1,k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-create,k8s:controller-uid=beb277ad-eba2-4f77-a9ba-d827e219d2a1,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission,k8s:io.kubernetes.pod.namespace=ingress-nginx,k8s:job-name=ingress-nginx-admission-create" ipv4=10.0.0.92 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-l7svj oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=db9627b53a datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2267 identity=45444 ipv4=10.0.0.92 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-l7svj subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=db9627b53a datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=2267 identity=45444 ipv4=10.0.0.92 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-l7svj subsys=endpoint level=info msg="Successful endpoint creation" containerID=db9627b53a datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=2267 identity=45444 ipv4=10.0.0.92 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-l7svj subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=db9627b53a endpointID=2267 k8sNamespace=ingress-nginx k8sPodName=ingress-nginx-admission-create-l7svj subsys=daemon level=info msg="Releasing key" key="[k8s:app.kubernetes.io/component=admission-webhook k8s:app.kubernetes.io/instance=ingress-nginx k8s:app.kubernetes.io/managed-by=Helm k8s:app.kubernetes.io/name=ingress-nginx k8s:app.kubernetes.io/part-of=ingress-nginx k8s:app.kubernetes.io/version=1.12.1 k8s:batch.kubernetes.io/controller-uid=beb277ad-eba2-4f77-a9ba-d827e219d2a1 k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-create k8s:controller-uid=beb277ad-eba2-4f77-a9ba-d827e219d2a1 k8s:helm.sh/chart=ingress-nginx-4.12.1 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission k8s:io.kubernetes.pod.namespace=ingress-nginx k8s:job-name=ingress-nginx-admission-create]" subsys=allocator level=info msg="Removed endpoint" containerID=db9627b53a datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=2267 identity=45444 ipv4=10.0.0.92 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-l7svj subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.85 1c017ed0-324f-45ec-9d54-95fb19ff6dd0 default }" containerID=3fcdb543149a57237f78c98f52d9660f350d04b75af7abb42e4d88e78ee5b3ed datapathConfiguration="&{false false false false false }" interface=lxc6ce561d3ed53 k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-8mdsd labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=3fcdb54314 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=577 ipv4=10.0.0.85 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-8mdsd subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=3fcdb54314 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=577 identityLabels="k8s:app.kubernetes.io/component=default-backend,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-backend,k8s:io.kubernetes.pod.namespace=ingress-nginx" ipv4=10.0.0.85 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-8mdsd subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:ingress-nginx k8s:io.cilium.k8s.namespace.labels.name:ingress-nginx]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Invalid state transition skipped" containerID=3fcdb54314 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=577 endpointState.from=waiting-for-identity endpointState.to=waiting-to-regenerate file=/go/src/github.com/cilium/cilium/pkg/endpoint/policy.go ipv4=10.0.0.85 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-8mdsd line=611 subsys=endpoint level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=default-backend;k8s:app.kubernetes.io/instance=ingress-nginx;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=ingress-nginx;k8s:app.kubernetes.io/part-of=ingress-nginx;k8s:app.kubernetes.io/version=1.12.1;k8s:helm.sh/chart=ingress-nginx-4.12.1;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx;k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-backend;k8s:io.kubernetes.pod.namespace=ingress-nginx;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=3fcdb54314 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=577 identity=17703 identityLabels="k8s:app.kubernetes.io/component=default-backend,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-backend,k8s:io.kubernetes.pod.namespace=ingress-nginx" ipv4=10.0.0.85 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-8mdsd oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=3fcdb54314 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=577 identity=17703 ipv4=10.0.0.85 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-8mdsd subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=3fcdb54314 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=577 identity=17703 ipv4=10.0.0.85 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-8mdsd subsys=endpoint level=info msg="Successful endpoint creation" containerID=3fcdb54314 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=577 identity=17703 ipv4=10.0.0.85 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-8mdsd subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.171 c5649b02-f7e1-435c-a372-c57f04b47dd5 default }" containerID=b25c4ee898d391570ebf2b334b5e1f68019afbc165995a28e8defb1240522a83 datapathConfiguration="&{false false false false false }" interface=lxce065465ccec0 k8sPodName=ingress-nginx/ingress-nginx-admission-patch-dcc7s labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=b25c4ee898 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=586 ipv4=10.0.0.171 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-dcc7s subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=b25c4ee898 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=586 identityLabels="k8s:app.kubernetes.io/component=admission-webhook,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:batch.kubernetes.io/controller-uid=b276b5c2-60bd-41dd-be23-9509fb89726e,k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-patch,k8s:controller-uid=b276b5c2-60bd-41dd-be23-9509fb89726e,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission,k8s:io.kubernetes.pod.namespace=ingress-nginx,k8s:job-name=ingress-nginx-admission-patch" ipv4=10.0.0.171 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-dcc7s subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:ingress-nginx k8s:io.cilium.k8s.namespace.labels.name:ingress-nginx]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=admission-webhook;k8s:app.kubernetes.io/instance=ingress-nginx;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=ingress-nginx;k8s:app.kubernetes.io/part-of=ingress-nginx;k8s:app.kubernetes.io/version=1.12.1;k8s:batch.kubernetes.io/controller-uid=b276b5c2-60bd-41dd-be23-9509fb89726e;k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-patch;k8s:controller-uid=b276b5c2-60bd-41dd-be23-9509fb89726e;k8s:helm.sh/chart=ingress-nginx-4.12.1;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx;k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission;k8s:io.kubernetes.pod.namespace=ingress-nginx;k8s:job-name=ingress-nginx-admission-patch;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=b25c4ee898 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=586 identity=37784 identityLabels="k8s:app.kubernetes.io/component=admission-webhook,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:batch.kubernetes.io/controller-uid=b276b5c2-60bd-41dd-be23-9509fb89726e,k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-patch,k8s:controller-uid=b276b5c2-60bd-41dd-be23-9509fb89726e,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission,k8s:io.kubernetes.pod.namespace=ingress-nginx,k8s:job-name=ingress-nginx-admission-patch" ipv4=10.0.0.171 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-dcc7s oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=b25c4ee898 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=586 identity=37784 ipv4=10.0.0.171 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-dcc7s subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=b25c4ee898 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=586 identity=37784 ipv4=10.0.0.171 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-dcc7s subsys=endpoint level=info msg="Successful endpoint creation" containerID=b25c4ee898 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=586 identity=37784 ipv4=10.0.0.171 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-dcc7s subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=b25c4ee898 endpointID=586 k8sNamespace=ingress-nginx k8sPodName=ingress-nginx-admission-patch-dcc7s subsys=daemon level=info msg="Releasing key" key="[k8s:app.kubernetes.io/component=admission-webhook k8s:app.kubernetes.io/instance=ingress-nginx k8s:app.kubernetes.io/managed-by=Helm k8s:app.kubernetes.io/name=ingress-nginx k8s:app.kubernetes.io/part-of=ingress-nginx k8s:app.kubernetes.io/version=1.12.1 k8s:batch.kubernetes.io/controller-uid=b276b5c2-60bd-41dd-be23-9509fb89726e k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-patch k8s:controller-uid=b276b5c2-60bd-41dd-be23-9509fb89726e k8s:helm.sh/chart=ingress-nginx-4.12.1 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission k8s:io.kubernetes.pod.namespace=ingress-nginx k8s:job-name=ingress-nginx-admission-patch]" subsys=allocator level=info msg="Removed endpoint" containerID=b25c4ee898 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=586 identity=37784 ipv4=10.0.0.171 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-dcc7s subsys=endpoint level=info msg="Policy Add Request" ciliumNetworkPolicy="[&{EndpointSelector:{\"matchLabels\":{\"k8s:app.kubernetes.io/component\":\"rabbitmq-operator\",\"k8s:app.kubernetes.io/instance\":\"rabbitmq-cluster-operator\",\"k8s:app.kubernetes.io/name\":\"rabbitmq-cluster-operator\",\"k8s:app.kubernetes.io/part-of\":\"rabbitmq\",\"k8s:io.kubernetes.pod.namespace\":\"openstack\"}} NodeSelector:{} Ingress:[{IngressCommonRule:{FromEndpoints:[] FromRequires:[] FromCIDR: FromCIDRSet:[] FromEntities:[] aggregatedSelectors:[]} ToPorts:[] ICMPs:[] Authentication:}] IngressDeny:[] Egress:[{EgressCommonRule:{ToEndpoints:[{}] ToRequires:[] ToCIDR: ToCIDRSet:[] ToEntities:[] ToServices:[] ToGroups:[] aggregatedSelectors:[]} ToPorts:[] ToFQDNs:[] ICMPs:[] Authentication:}] EgressDeny:[] Labels:[k8s:io.cilium.k8s.policy.derived-from=NetworkPolicy k8s:io.cilium.k8s.policy.name=rabbitmq-cluster-operator k8s:io.cilium.k8s.policy.namespace=openstack k8s:io.cilium.k8s.policy.uid=5584236e-7bba-4ad6-88a5-66803e8b4af5] Description:}]" policyAddRequest=d4771a40-37bd-4e7f-be4f-19af5f0456fe subsys=daemon level=info msg="Policy imported via API, recalculating..." policyAddRequest=d4771a40-37bd-4e7f-be4f-19af5f0456fe policyRevision=2 subsys=daemon level=info msg="NetworkPolicy successfully added" k8sApiVersion= k8sNetworkPolicyName=rabbitmq-cluster-operator subsys=k8s-watcher level=info msg="Policy Add Request" ciliumNetworkPolicy="[&{EndpointSelector:{\"matchLabels\":{\"k8s:app.kubernetes.io/component\":\"messaging-topology-operator\",\"k8s:app.kubernetes.io/instance\":\"rabbitmq-cluster-operator\",\"k8s:app.kubernetes.io/name\":\"rabbitmq-cluster-operator\",\"k8s:app.kubernetes.io/part-of\":\"rabbitmq\",\"k8s:io.kubernetes.pod.namespace\":\"openstack\"}} NodeSelector:{} Ingress:[{IngressCommonRule:{FromEndpoints:[{}] FromRequires:[] FromCIDR: FromCIDRSet:[] FromEntities:[] aggregatedSelectors:[]} ToPorts:[{Ports:[{Port:9443 Protocol:TCP}] TerminatingTLS: OriginatingTLS: ServerNames:[] Listener: Rules:}] ICMPs:[] Authentication:}] IngressDeny:[] Egress:[{EgressCommonRule:{ToEndpoints:[{}] ToRequires:[] ToCIDR: ToCIDRSet:[] ToEntities:[] ToServices:[] ToGroups:[] aggregatedSelectors:[]} ToPorts:[] ToFQDNs:[] ICMPs:[] Authentication:}] EgressDeny:[] Labels:[k8s:io.cilium.k8s.policy.derived-from=NetworkPolicy k8s:io.cilium.k8s.policy.name=rabbitmq-messaging-topology-operator k8s:io.cilium.k8s.policy.namespace=openstack k8s:io.cilium.k8s.policy.uid=e74373b9-dadc-4747-ba29-d33d3273215b] Description:}]" policyAddRequest=f95b09e2-6001-41a4-8c14-75381ad9e157 subsys=daemon level=info msg="NetworkPolicy successfully added" k8sApiVersion= k8sNetworkPolicyName=rabbitmq-messaging-topology-operator subsys=k8s-watcher level=info msg="Policy imported via API, recalculating..." policyAddRequest=f95b09e2-6001-41a4-8c14-75381ad9e157 policyRevision=3 subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.68 c9009c42-2eab-453e-bb61-6f1ac25180ed default }" containerID=574a543aec8f7488b7f814401591bb37bc0cc7bb3001049c7129b6b992ba09d6 datapathConfiguration="&{false false false false false }" interface=lxcc449312a0ed6 k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-6kcqg labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=574a543aec datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2416 ipv4=10.0.0.68 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-6kcqg subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=574a543aec datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2416 identityLabels="k8s:app.kubernetes.io/component=rabbitmq-operator,k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=rabbitmq-cluster-operator,k8s:app.kubernetes.io/part-of=rabbitmq,k8s:app.kubernetes.io/version=2.9.0,k8s:helm.sh/chart=rabbitmq-cluster-operator-4.3.6,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-cluster-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.68 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-6kcqg subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=rabbitmq-operator;k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=rabbitmq-cluster-operator;k8s:app.kubernetes.io/part-of=rabbitmq;k8s:app.kubernetes.io/version=2.9.0;k8s:helm.sh/chart=rabbitmq-cluster-operator-4.3.6;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-cluster-operator;k8s:io.kubernetes.pod.namespace=openstack;" subsys=allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Identity of endpoint changed" containerID=574a543aec datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2416 identity=11764 identityLabels="k8s:app.kubernetes.io/component=rabbitmq-operator,k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=rabbitmq-cluster-operator,k8s:app.kubernetes.io/part-of=rabbitmq,k8s:app.kubernetes.io/version=2.9.0,k8s:helm.sh/chart=rabbitmq-cluster-operator-4.3.6,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-cluster-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.68 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-6kcqg oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=574a543aec datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2416 identity=11764 ipv4=10.0.0.68 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-6kcqg subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=574a543aec datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=2416 identity=11764 ipv4=10.0.0.68 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-6kcqg subsys=endpoint level=info msg="Successful endpoint creation" containerID=574a543aec datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=2416 identity=11764 ipv4=10.0.0.68 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-7fcdcd478-6kcqg subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Create endpoint request" addressing="&{10.0.0.164 cd9dd4a2-3ce6-4f1b-b457-5b54a6c170ca default }" containerID=7f943371b877faf89cc1ee21f102c08b72609a9bfb943eec7214b380d0c7e92d datapathConfiguration="&{false false false false false }" interface=lxc56869026d0d8 k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-9r5nq labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=7f943371b8 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=706 ipv4=10.0.0.164 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-9r5nq subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=7f943371b8 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=706 identityLabels="k8s:app.kubernetes.io/component=messaging-topology-operator,k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=rabbitmq-cluster-operator,k8s:app.kubernetes.io/part-of=rabbitmq,k8s:app.kubernetes.io/version=1.14.1,k8s:helm.sh/chart=rabbitmq-cluster-operator-4.3.6,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-messaging-topology-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.164 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-9r5nq subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=messaging-topology-operator;k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=rabbitmq-cluster-operator;k8s:app.kubernetes.io/part-of=rabbitmq;k8s:app.kubernetes.io/version=1.14.1;k8s:helm.sh/chart=rabbitmq-cluster-operator-4.3.6;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-messaging-topology-operator;k8s:io.kubernetes.pod.namespace=openstack;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=7f943371b8 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=706 identity=25252 identityLabels="k8s:app.kubernetes.io/component=messaging-topology-operator,k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=rabbitmq-cluster-operator,k8s:app.kubernetes.io/part-of=rabbitmq,k8s:app.kubernetes.io/version=1.14.1,k8s:helm.sh/chart=rabbitmq-cluster-operator-4.3.6,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-messaging-topology-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.164 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-9r5nq oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=7f943371b8 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=706 identity=25252 ipv4=10.0.0.164 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-9r5nq subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=7f943371b8 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=706 identity=25252 ipv4=10.0.0.164 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-9r5nq subsys=endpoint level=info msg="Successful endpoint creation" containerID=7f943371b8 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=706 identity=25252 ipv4=10.0.0.164 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-7f8596f788-9r5nq subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Create endpoint request" addressing="&{10.0.0.228 c6b4f619-c5c9-450b-aaa9-3229f3904596 default }" containerID=d5c9e40511986af5cd2509cc7db919cad79f6fa8b271efb672610985df2a99f4 datapathConfiguration="&{false false false false false }" interface=lxc6bc29b7272c8 k8sPodName=openstack/pxc-operator-7cff949c8b-qtlbl labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=d5c9e40511 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1986 ipv4=10.0.0.228 ipv6= k8sPodName=openstack/pxc-operator-7cff949c8b-qtlbl subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=d5c9e40511 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1986 identityLabels="k8s:app.kubernetes.io/component=operator,k8s:app.kubernetes.io/instance=pxc-operator,k8s:app.kubernetes.io/name=pxc-operator,k8s:app.kubernetes.io/part-of=pxc-operator,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=pxc-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.228 ipv6= k8sPodName=openstack/pxc-operator-7cff949c8b-qtlbl subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Invalid state transition skipped" containerID=d5c9e40511 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1986 endpointState.from=waiting-for-identity endpointState.to=waiting-to-regenerate file=/go/src/github.com/cilium/cilium/pkg/endpoint/policy.go ipv4=10.0.0.228 ipv6= k8sPodName=openstack/pxc-operator-7cff949c8b-qtlbl line=611 subsys=endpoint level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=operator;k8s:app.kubernetes.io/instance=pxc-operator;k8s:app.kubernetes.io/name=pxc-operator;k8s:app.kubernetes.io/part-of=pxc-operator;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=pxc-operator;k8s:io.kubernetes.pod.namespace=openstack;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=d5c9e40511 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1986 identity=21273 identityLabels="k8s:app.kubernetes.io/component=operator,k8s:app.kubernetes.io/instance=pxc-operator,k8s:app.kubernetes.io/name=pxc-operator,k8s:app.kubernetes.io/part-of=pxc-operator,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=pxc-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.228 ipv6= k8sPodName=openstack/pxc-operator-7cff949c8b-qtlbl oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=d5c9e40511 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1986 identity=21273 ipv4=10.0.0.228 ipv6= k8sPodName=openstack/pxc-operator-7cff949c8b-qtlbl subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=d5c9e40511 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=1986 identity=21273 ipv4=10.0.0.228 ipv6= k8sPodName=openstack/pxc-operator-7cff949c8b-qtlbl subsys=endpoint level=info msg="Successful endpoint creation" containerID=d5c9e40511 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=1986 identity=21273 ipv4=10.0.0.228 ipv6= k8sPodName=openstack/pxc-operator-7cff949c8b-qtlbl subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Create endpoint request" addressing="&{10.0.0.53 6acc69d0-ed1c-4f65-a652-9986b23bb041 default }" containerID=f92e7c5e14702ec8f80d800ca3058321539803afc1e97d8e5543017c9b6fc4e5 datapathConfiguration="&{false false false false false }" interface=lxc91a013b81320 k8sPodName=openstack/percona-xtradb-haproxy-0 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=f92e7c5e14 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=345 ipv4=10.0.0.53 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=f92e7c5e14 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=345 identityLabels="k8s:app.kubernetes.io/component=haproxy,k8s:app.kubernetes.io/instance=percona-xtradb,k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator,k8s:app.kubernetes.io/name=percona-xtradb-cluster,k8s:app.kubernetes.io/part-of=percona-xtradb-cluster,k8s:apps.kubernetes.io/pod-index=0,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=default,k8s:io.kubernetes.pod.namespace=openstack,k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-haproxy-0" ipv4=10.0.0.53 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Invalid state transition skipped" containerID=f92e7c5e14 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=345 endpointState.from=waiting-for-identity endpointState.to=waiting-to-regenerate file=/go/src/github.com/cilium/cilium/pkg/endpoint/policy.go ipv4=10.0.0.53 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 line=611 subsys=endpoint level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=haproxy;k8s:app.kubernetes.io/instance=percona-xtradb;k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator;k8s:app.kubernetes.io/name=percona-xtradb-cluster;k8s:app.kubernetes.io/part-of=percona-xtradb-cluster;k8s:apps.kubernetes.io/pod-index=0;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=default;k8s:io.kubernetes.pod.namespace=openstack;k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-haproxy-0;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=f92e7c5e14 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=345 identity=14332 identityLabels="k8s:app.kubernetes.io/component=haproxy,k8s:app.kubernetes.io/instance=percona-xtradb,k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator,k8s:app.kubernetes.io/name=percona-xtradb-cluster,k8s:app.kubernetes.io/part-of=percona-xtradb-cluster,k8s:apps.kubernetes.io/pod-index=0,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=default,k8s:io.kubernetes.pod.namespace=openstack,k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-haproxy-0" ipv4=10.0.0.53 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=f92e7c5e14 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=345 identity=14332 ipv4=10.0.0.53 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.22 c232d94d-6d82-457c-8c15-5e4e0b999aa7 default }" containerID=0b4bbaf85f99ba2f236c9eef7502835771d34976e5d46ba205dfcd17ca1fe911 datapathConfiguration="&{false false false false false }" interface=lxc13b18ce06c1f k8sPodName=local-path-storage/helper-pod-create-pvc-0232f3fa-5545-474b-b147-50757ba4cc37 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=0b4bbaf85f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=302 ipv4=10.0.0.22 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-0232f3fa-5545-474b-b147-50757ba4cc37 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=0b4bbaf85f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=302 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage,k8s:io.cilium.k8s.namespace.labels.name=local-path-storage,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner,k8s:io.kubernetes.pod.namespace=local-path-storage" ipv4=10.0.0.22 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-0232f3fa-5545-474b-b147-50757ba4cc37 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:local-path-storage k8s:io.cilium.k8s.namespace.labels.name:local-path-storage]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage;k8s:io.cilium.k8s.namespace.labels.name=local-path-storage;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner;k8s:io.kubernetes.pod.namespace=local-path-storage;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=0b4bbaf85f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=302 identity=21980 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage,k8s:io.cilium.k8s.namespace.labels.name=local-path-storage,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner,k8s:io.kubernetes.pod.namespace=local-path-storage" ipv4=10.0.0.22 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-0232f3fa-5545-474b-b147-50757ba4cc37 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=0b4bbaf85f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=302 identity=21980 ipv4=10.0.0.22 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-0232f3fa-5545-474b-b147-50757ba4cc37 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=f92e7c5e14 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=345 identity=14332 ipv4=10.0.0.53 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=endpoint level=info msg="Successful endpoint creation" containerID=f92e7c5e14 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=345 identity=14332 ipv4=10.0.0.53 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=daemon level=info msg="Rewrote endpoint BPF program" containerID=0b4bbaf85f datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=302 identity=21980 ipv4=10.0.0.22 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-0232f3fa-5545-474b-b147-50757ba4cc37 subsys=endpoint level=info msg="Successful endpoint creation" containerID=0b4bbaf85f datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=302 identity=21980 ipv4=10.0.0.22 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-0232f3fa-5545-474b-b147-50757ba4cc37 subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=0b4bbaf85f endpointID=302 k8sNamespace=local-path-storage k8sPodName=helper-pod-create-pvc-0232f3fa-5545-474b-b147-50757ba4cc37 subsys=daemon level=info msg="Releasing key" key="[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage k8s:io.cilium.k8s.namespace.labels.name=local-path-storage k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner k8s:io.kubernetes.pod.namespace=local-path-storage]" subsys=allocator level=info msg="Removed endpoint" containerID=0b4bbaf85f datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=302 identity=21980 ipv4=10.0.0.22 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-0232f3fa-5545-474b-b147-50757ba4cc37 subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.227 c5470a81-33a2-441d-8d54-844c1aa2e350 default }" containerID=5c9842ab6006d9c777471a41b1f690594a718ce21343c6bb869358f54d1e103a datapathConfiguration="&{false false false false false }" interface=lxc264e1fc5673c k8sPodName=openstack/percona-xtradb-pxc-0 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=5c9842ab60 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2014 ipv4=10.0.0.227 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=5c9842ab60 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2014 identityLabels="k8s:app.kubernetes.io/component=pxc,k8s:app.kubernetes.io/instance=percona-xtradb,k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator,k8s:app.kubernetes.io/name=percona-xtradb-cluster,k8s:app.kubernetes.io/part-of=percona-xtradb-cluster,k8s:apps.kubernetes.io/pod-index=0,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=default,k8s:io.kubernetes.pod.namespace=openstack,k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-pxc-0" ipv4=10.0.0.227 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=pxc;k8s:app.kubernetes.io/instance=percona-xtradb;k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator;k8s:app.kubernetes.io/name=percona-xtradb-cluster;k8s:app.kubernetes.io/part-of=percona-xtradb-cluster;k8s:apps.kubernetes.io/pod-index=0;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=default;k8s:io.kubernetes.pod.namespace=openstack;k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-pxc-0;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=5c9842ab60 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2014 identity=47179 identityLabels="k8s:app.kubernetes.io/component=pxc,k8s:app.kubernetes.io/instance=percona-xtradb,k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator,k8s:app.kubernetes.io/name=percona-xtradb-cluster,k8s:app.kubernetes.io/part-of=percona-xtradb-cluster,k8s:apps.kubernetes.io/pod-index=0,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=default,k8s:io.kubernetes.pod.namespace=openstack,k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-pxc-0" ipv4=10.0.0.227 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 oldIdentity="no identity" subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Waiting for endpoint to be generated" containerID=5c9842ab60 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2014 identity=47179 ipv4=10.0.0.227 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=5c9842ab60 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=2014 identity=47179 ipv4=10.0.0.227 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=endpoint level=info msg="Successful endpoint creation" containerID=5c9842ab60 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=2014 identity=47179 ipv4=10.0.0.227 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.18 4ad9e23f-5749-4d06-9e0c-ba9c7849d34f default }" containerID=322efbfae1ba2eddeeafb46a1b0ecbe3913b803885413ebb8f06abb6bbe7428f datapathConfiguration="&{false false false false false }" interface=lxc92c1004518e2 k8sPodName=openstack/memcached-memcached-6479589586-czg5j labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=322efbfae1 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2116 ipv4=10.0.0.18 ipv6= k8sPodName=openstack/memcached-memcached-6479589586-czg5j subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=322efbfae1 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2116 identityLabels="k8s:application=memcached,k8s:component=server,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=memcached-memcached,k8s:io.kubernetes.pod.namespace=openstack,k8s:release_group=memcached" ipv4=10.0.0.18 ipv6= k8sPodName=openstack/memcached-memcached-6479589586-czg5j subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:application=memcached;k8s:component=server;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=memcached-memcached;k8s:io.kubernetes.pod.namespace=openstack;k8s:release_group=memcached;" subsys=allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Identity of endpoint changed" containerID=322efbfae1 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2116 identity=6495 identityLabels="k8s:application=memcached,k8s:component=server,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=memcached-memcached,k8s:io.kubernetes.pod.namespace=openstack,k8s:release_group=memcached" ipv4=10.0.0.18 ipv6= k8sPodName=openstack/memcached-memcached-6479589586-czg5j oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=322efbfae1 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2116 identity=6495 ipv4=10.0.0.18 ipv6= k8sPodName=openstack/memcached-memcached-6479589586-czg5j subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=322efbfae1 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=2116 identity=6495 ipv4=10.0.0.18 ipv6= k8sPodName=openstack/memcached-memcached-6479589586-czg5j subsys=endpoint level=info msg="Successful endpoint creation" containerID=322efbfae1 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=2116 identity=6495 ipv4=10.0.0.18 ipv6= k8sPodName=openstack/memcached-memcached-6479589586-czg5j subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Policy Add Request" ciliumNetworkPolicy="[&{EndpointSelector:{\"matchLabels\":{\"k8s:app.kubernetes.io/component\":\"keycloak\",\"k8s:app.kubernetes.io/instance\":\"keycloak\",\"k8s:app.kubernetes.io/name\":\"keycloak\",\"k8s:io.kubernetes.pod.namespace\":\"auth-system\"}} NodeSelector:{} Ingress:[{IngressCommonRule:{FromEndpoints:[{}] FromRequires:[] FromCIDR: FromCIDRSet:[] FromEntities:[] aggregatedSelectors:[]} ToPorts:[{Ports:[{Port:7800 Protocol:TCP}] TerminatingTLS: OriginatingTLS: ServerNames:[] Listener: Rules:} {Ports:[{Port:8080 Protocol:TCP}] TerminatingTLS: OriginatingTLS: ServerNames:[] Listener: Rules:}] ICMPs:[] Authentication:}] IngressDeny:[] Egress:[{EgressCommonRule:{ToEndpoints:[{}] ToRequires:[] ToCIDR: ToCIDRSet:[] ToEntities:[] ToServices:[] ToGroups:[] aggregatedSelectors:[]} ToPorts:[] ToFQDNs:[] ICMPs:[] Authentication:}] EgressDeny:[] Labels:[k8s:io.cilium.k8s.policy.derived-from=NetworkPolicy k8s:io.cilium.k8s.policy.name=keycloak k8s:io.cilium.k8s.policy.namespace=auth-system k8s:io.cilium.k8s.policy.uid=941aae0f-c21c-4be1-bd84-badff3b03f21] Description:}]" policyAddRequest=571a4a39-7bcb-4c1f-957e-704b259a4752 subsys=daemon level=info msg="Policy imported via API, recalculating..." policyAddRequest=571a4a39-7bcb-4c1f-957e-704b259a4752 policyRevision=4 subsys=daemon level=info msg="NetworkPolicy successfully added" k8sApiVersion= k8sNetworkPolicyName=keycloak subsys=k8s-watcher level=info msg="Create endpoint request" addressing="&{10.0.0.174 a87671d2-ba82-4087-913b-3d18c9d47a65 default }" containerID=145c6add470f6a69de218156b3ec6f44944505c373d01ae2036a1d537a587fef datapathConfiguration="&{false false false false false }" interface=lxc2e8004c46337 k8sPodName=auth-system/keycloak-0 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=145c6add47 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2678 ipv4=10.0.0.174 ipv6= k8sPodName=auth-system/keycloak-0 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=145c6add47 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2678 identityLabels="k8s:app.kubernetes.io/component=keycloak,k8s:app.kubernetes.io/instance=keycloak,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=keycloak,k8s:app.kubernetes.io/version=24.0.5,k8s:apps.kubernetes.io/pod-index=0,k8s:helm.sh/chart=keycloak-21.4.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=auth-system,k8s:io.cilium.k8s.namespace.labels.name=auth-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=keycloak,k8s:io.kubernetes.pod.namespace=auth-system,k8s:statefulset.kubernetes.io/pod-name=keycloak-0" ipv4=10.0.0.174 ipv6= k8sPodName=auth-system/keycloak-0 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:auth-system k8s:io.cilium.k8s.namespace.labels.name:auth-system]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=keycloak;k8s:app.kubernetes.io/instance=keycloak;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=keycloak;k8s:app.kubernetes.io/version=24.0.5;k8s:apps.kubernetes.io/pod-index=0;k8s:helm.sh/chart=keycloak-21.4.1;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=auth-system;k8s:io.cilium.k8s.namespace.labels.name=auth-system;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=keycloak;k8s:io.kubernetes.pod.namespace=auth-system;k8s:statefulset.kubernetes.io/pod-name=keycloak-0;" subsys=allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Identity of endpoint changed" containerID=145c6add47 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2678 identity=53515 identityLabels="k8s:app.kubernetes.io/component=keycloak,k8s:app.kubernetes.io/instance=keycloak,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=keycloak,k8s:app.kubernetes.io/version=24.0.5,k8s:apps.kubernetes.io/pod-index=0,k8s:helm.sh/chart=keycloak-21.4.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=auth-system,k8s:io.cilium.k8s.namespace.labels.name=auth-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=keycloak,k8s:io.kubernetes.pod.namespace=auth-system,k8s:statefulset.kubernetes.io/pod-name=keycloak-0" ipv4=10.0.0.174 ipv6= k8sPodName=auth-system/keycloak-0 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=145c6add47 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2678 identity=53515 ipv4=10.0.0.174 ipv6= k8sPodName=auth-system/keycloak-0 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=145c6add47 datapathPolicyRevision=0 desiredPolicyRevision=4 endpointID=2678 identity=53515 ipv4=10.0.0.174 ipv6= k8sPodName=auth-system/keycloak-0 subsys=endpoint level=info msg="Successful endpoint creation" containerID=145c6add47 datapathPolicyRevision=4 desiredPolicyRevision=4 endpointID=2678 identity=53515 ipv4=10.0.0.174 ipv6= k8sPodName=auth-system/keycloak-0 subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Conntrack garbage collector interval recalculated" deleteRatio=0.03236774105807153 newInterval=7m30s subsys=map-ct level=info msg="Create endpoint request" addressing="&{10.0.0.198 14712061-1910-4097-9959-d998939a571a default }" containerID=0eba7407d8c7ff3a993c5df63b4515a340459ccf8890b7b1298e293a173251ee datapathConfiguration="&{false false false false false }" interface=lxc5942b516baf4 k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-sxchv labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=0eba7407d8 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2967 ipv4=10.0.0.198 ipv6= k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-sxchv subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=0eba7407d8 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2967 identityLabels="k8s:app=secretgen-controller,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=secretgen-controller,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=secretgen-controller-sa,k8s:io.kubernetes.pod.namespace=secretgen-controller" ipv4=10.0.0.198 ipv6= k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-sxchv subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:secretgen-controller]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Invalid state transition skipped" containerID=0eba7407d8 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2967 endpointState.from=waiting-for-identity endpointState.to=waiting-to-regenerate file=/go/src/github.com/cilium/cilium/pkg/endpoint/policy.go ipv4=10.0.0.198 ipv6= k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-sxchv line=611 subsys=endpoint level=info msg="Allocated new global key" key="k8s:app=secretgen-controller;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=secretgen-controller;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=secretgen-controller-sa;k8s:io.kubernetes.pod.namespace=secretgen-controller;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=0eba7407d8 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2967 identity=20919 identityLabels="k8s:app=secretgen-controller,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=secretgen-controller,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=secretgen-controller-sa,k8s:io.kubernetes.pod.namespace=secretgen-controller" ipv4=10.0.0.198 ipv6= k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-sxchv oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=0eba7407d8 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2967 identity=20919 ipv4=10.0.0.198 ipv6= k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-sxchv subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=0eba7407d8 datapathPolicyRevision=0 desiredPolicyRevision=4 endpointID=2967 identity=20919 ipv4=10.0.0.198 ipv6= k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-sxchv subsys=endpoint level=info msg="Successful endpoint creation" containerID=0eba7407d8 datapathPolicyRevision=4 desiredPolicyRevision=4 endpointID=2967 identity=20919 ipv4=10.0.0.198 ipv6= k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-sxchv subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager