level=info msg="Memory available for map entries (0.003% of 16764964864B): 41912412B" subsys=config level=info msg="option bpf-ct-global-tcp-max set by dynamic sizing to 147061" subsys=config level=info msg="option bpf-ct-global-any-max set by dynamic sizing to 73530" subsys=config level=info msg="option bpf-nat-global-max set by dynamic sizing to 147061" subsys=config level=info msg="option bpf-neigh-global-max set by dynamic sizing to 147061" subsys=config level=info msg="option bpf-sock-rev-map-max set by dynamic sizing to 73530" subsys=config level=info msg=" --agent-health-port='9879'" subsys=daemon level=info msg=" --agent-labels=''" subsys=daemon level=info msg=" --agent-liveness-update-interval='1s'" subsys=daemon level=info msg=" --agent-not-ready-taint-key='node.cilium.io/agent-not-ready'" subsys=daemon level=info msg=" --allocator-list-timeout='3m0s'" subsys=daemon level=info msg=" --allow-icmp-frag-needed='true'" subsys=daemon level=info msg=" --allow-localhost='auto'" subsys=daemon level=info msg=" --annotate-k8s-node='false'" subsys=daemon level=info msg=" --api-rate-limit=''" subsys=daemon level=info msg=" --arping-refresh-period='30s'" subsys=daemon level=info msg=" --auto-create-cilium-node-resource='true'" subsys=daemon level=info msg=" --auto-direct-node-routes='false'" subsys=daemon level=info msg=" --bgp-announce-lb-ip='false'" subsys=daemon level=info msg=" --bgp-announce-pod-cidr='false'" subsys=daemon level=info msg=" --bgp-config-path='/var/lib/cilium/bgp/config.yaml'" subsys=daemon level=info msg=" --bpf-auth-map-max='524288'" subsys=daemon level=info msg=" --bpf-ct-global-any-max='262144'" subsys=daemon level=info msg=" --bpf-ct-global-tcp-max='524288'" subsys=daemon level=info msg=" --bpf-ct-timeout-regular-any='1m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-regular-tcp='6h0m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-regular-tcp-fin='10s'" subsys=daemon level=info msg=" --bpf-ct-timeout-regular-tcp-syn='1m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-service-any='1m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-service-tcp='6h0m0s'" subsys=daemon level=info msg=" --bpf-ct-timeout-service-tcp-grace='1m0s'" subsys=daemon level=info msg=" --bpf-filter-priority='1'" subsys=daemon level=info msg=" --bpf-fragments-map-max='8192'" subsys=daemon level=info msg=" --bpf-lb-acceleration='disabled'" subsys=daemon level=info msg=" --bpf-lb-affinity-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-algorithm='random'" subsys=daemon level=info msg=" --bpf-lb-dev-ip-addr-inherit=''" subsys=daemon level=info msg=" --bpf-lb-dsr-dispatch='opt'" subsys=daemon level=info msg=" --bpf-lb-dsr-l4-xlate='frontend'" subsys=daemon level=info msg=" --bpf-lb-external-clusterip='false'" subsys=daemon level=info msg=" --bpf-lb-maglev-hash-seed='JLfvgnHc2kaSUFaI'" subsys=daemon level=info msg=" --bpf-lb-maglev-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-maglev-table-size='16381'" subsys=daemon level=info msg=" --bpf-lb-map-max='65536'" subsys=daemon level=info msg=" --bpf-lb-mode='snat'" subsys=daemon level=info msg=" --bpf-lb-rev-nat-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-rss-ipv4-src-cidr=''" subsys=daemon level=info msg=" --bpf-lb-rss-ipv6-src-cidr=''" subsys=daemon level=info msg=" --bpf-lb-service-backend-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-service-map-max='0'" subsys=daemon level=info msg=" --bpf-lb-sock='false'" subsys=daemon level=info msg=" --bpf-lb-sock-hostns-only='false'" subsys=daemon level=info msg=" --bpf-lb-source-range-map-max='0'" subsys=daemon level=info msg=" --bpf-map-dynamic-size-ratio='0.0025'" subsys=daemon level=info msg=" --bpf-map-event-buffers=''" subsys=daemon level=info msg=" --bpf-nat-global-max='524288'" subsys=daemon level=info msg=" --bpf-neigh-global-max='524288'" subsys=daemon level=info msg=" --bpf-policy-map-full-reconciliation-interval='15m0s'" subsys=daemon level=info msg=" --bpf-policy-map-max='16384'" subsys=daemon level=info msg=" --bpf-root='/sys/fs/bpf'" subsys=daemon level=info msg=" --bpf-sock-rev-map-max='262144'" subsys=daemon level=info msg=" --bypass-ip-availability-upon-restore='false'" subsys=daemon level=info msg=" --certificates-directory='/var/run/cilium/certs'" subsys=daemon level=info msg=" --cflags=''" subsys=daemon level=info msg=" --cgroup-root='/run/cilium/cgroupv2'" subsys=daemon level=info msg=" --cilium-endpoint-gc-interval='5m0s'" subsys=daemon level=info msg=" --cluster-health-port='4240'" subsys=daemon level=info msg=" --cluster-id='0'" subsys=daemon level=info msg=" --cluster-name='default'" subsys=daemon level=info msg=" --cluster-pool-ipv4-cidr='10.0.0.0/8'" subsys=daemon level=info msg=" --cluster-pool-ipv4-mask-size='24'" subsys=daemon level=info msg=" --clustermesh-config='/var/lib/cilium/clustermesh/'" subsys=daemon level=info msg=" --clustermesh-ip-identities-sync-timeout='1m0s'" subsys=daemon level=info msg=" --cmdref=''" subsys=daemon level=info msg=" --cni-chaining-mode='none'" subsys=daemon level=info msg=" --cni-chaining-target=''" subsys=daemon level=info msg=" --cni-exclusive='true'" subsys=daemon level=info msg=" --cni-external-routing='false'" subsys=daemon level=info msg=" --cni-log-file='/var/run/cilium/cilium-cni.log'" subsys=daemon level=info msg=" --cnp-node-status-gc-interval='0s'" subsys=daemon level=info msg=" --config=''" subsys=daemon level=info msg=" --config-dir='/tmp/cilium/config-map'" subsys=daemon level=info msg=" --config-sources='config-map:kube-system/cilium-config'" subsys=daemon level=info msg=" --conntrack-gc-interval='0s'" subsys=daemon level=info msg=" --conntrack-gc-max-interval='0s'" subsys=daemon level=info msg=" --crd-wait-timeout='5m0s'" subsys=daemon level=info msg=" --custom-cni-conf='false'" subsys=daemon level=info msg=" --datapath-mode='veth'" subsys=daemon level=info msg=" --debug='false'" subsys=daemon level=info msg=" --debug-verbose=''" subsys=daemon level=info msg=" --derive-masquerade-ip-addr-from-device=''" subsys=daemon level=info msg=" --devices=''" subsys=daemon level=info msg=" --direct-routing-device=''" subsys=daemon level=info msg=" --disable-cnp-status-updates='true'" subsys=daemon level=info msg=" --disable-endpoint-crd='false'" subsys=daemon level=info msg=" --disable-envoy-version-check='false'" subsys=daemon level=info msg=" --disable-iptables-feeder-rules=''" subsys=daemon level=info msg=" --dns-max-ips-per-restored-rule='1000'" subsys=daemon level=info msg=" --dns-policy-unload-on-shutdown='false'" subsys=daemon level=info msg=" --dnsproxy-concurrency-limit='0'" subsys=daemon level=info msg=" --dnsproxy-concurrency-processing-grace-period='0s'" subsys=daemon level=info msg=" --dnsproxy-enable-transparent-mode='true'" subsys=daemon level=info msg=" --dnsproxy-lock-count='128'" subsys=daemon level=info msg=" --dnsproxy-lock-timeout='500ms'" subsys=daemon level=info msg=" --egress-gateway-policy-map-max='16384'" subsys=daemon level=info msg=" --egress-gateway-reconciliation-trigger-interval='1s'" subsys=daemon level=info msg=" --egress-masquerade-interfaces=''" subsys=daemon level=info msg=" --egress-multi-home-ip-rule-compat='false'" subsys=daemon level=info msg=" --enable-auto-protect-node-port-range='true'" subsys=daemon level=info msg=" --enable-bandwidth-manager='false'" subsys=daemon level=info msg=" --enable-bbr='false'" subsys=daemon level=info msg=" --enable-bgp-control-plane='false'" subsys=daemon level=info msg=" --enable-bpf-clock-probe='false'" subsys=daemon level=info msg=" --enable-bpf-masquerade='false'" subsys=daemon level=info msg=" --enable-bpf-tproxy='false'" subsys=daemon level=info msg=" --enable-cilium-api-server-access='*'" subsys=daemon level=info msg=" --enable-cilium-endpoint-slice='false'" subsys=daemon level=info msg=" --enable-cilium-health-api-server-access='*'" subsys=daemon level=info msg=" --enable-custom-calls='false'" subsys=daemon level=info msg=" --enable-endpoint-health-checking='true'" subsys=daemon level=info msg=" --enable-endpoint-routes='false'" subsys=daemon level=info msg=" --enable-envoy-config='false'" subsys=daemon level=info msg=" --enable-external-ips='false'" subsys=daemon level=info msg=" --enable-health-check-nodeport='true'" subsys=daemon level=info msg=" --enable-health-checking='true'" subsys=daemon level=info msg=" --enable-high-scale-ipcache='false'" subsys=daemon level=info msg=" --enable-host-firewall='false'" subsys=daemon level=info msg=" --enable-host-legacy-routing='false'" subsys=daemon level=info msg=" --enable-host-port='false'" subsys=daemon level=info msg=" --enable-hubble='false'" subsys=daemon level=info msg=" --enable-hubble-recorder-api='true'" subsys=daemon level=info msg=" --enable-icmp-rules='true'" subsys=daemon level=info msg=" --enable-identity-mark='true'" subsys=daemon level=info msg=" --enable-ip-masq-agent='false'" subsys=daemon level=info msg=" --enable-ipsec='false'" subsys=daemon level=info msg=" --enable-ipsec-key-watcher='true'" subsys=daemon level=info msg=" --enable-ipv4='true'" subsys=daemon level=info msg=" --enable-ipv4-big-tcp='false'" subsys=daemon level=info msg=" --enable-ipv4-egress-gateway='false'" subsys=daemon level=info msg=" --enable-ipv4-fragment-tracking='true'" subsys=daemon level=info msg=" --enable-ipv4-masquerade='true'" subsys=daemon level=info msg=" --enable-ipv6='false'" subsys=daemon level=info msg=" --enable-ipv6-big-tcp='false'" subsys=daemon level=info msg=" --enable-ipv6-masquerade='true'" subsys=daemon level=info msg=" --enable-ipv6-ndp='false'" subsys=daemon level=info msg=" --enable-k8s='true'" subsys=daemon level=info msg=" --enable-k8s-api-discovery='false'" subsys=daemon level=info msg=" --enable-k8s-endpoint-slice='true'" subsys=daemon level=info msg=" --enable-k8s-event-handover='false'" subsys=daemon level=info msg=" --enable-k8s-networkpolicy='true'" subsys=daemon level=info msg=" --enable-k8s-terminating-endpoint='true'" subsys=daemon level=info msg=" --enable-l2-announcements='false'" subsys=daemon level=info msg=" --enable-l2-neigh-discovery='true'" subsys=daemon level=info msg=" --enable-l2-pod-announcements='false'" subsys=daemon level=info msg=" --enable-l7-proxy='true'" subsys=daemon level=info msg=" --enable-local-node-route='true'" subsys=daemon level=info msg=" --enable-local-redirect-policy='false'" subsys=daemon level=info msg=" --enable-mke='false'" subsys=daemon level=info msg=" --enable-monitor='true'" subsys=daemon level=info msg=" --enable-nat46x64-gateway='false'" subsys=daemon level=info msg=" --enable-node-port='false'" subsys=daemon level=info msg=" --enable-pmtu-discovery='false'" subsys=daemon level=info msg=" --enable-policy='default'" subsys=daemon level=info msg=" --enable-recorder='false'" subsys=daemon level=info msg=" --enable-remote-node-identity='true'" subsys=daemon level=info msg=" --enable-runtime-device-detection='false'" subsys=daemon level=info msg=" --enable-sctp='false'" subsys=daemon level=info msg=" --enable-service-topology='false'" subsys=daemon level=info msg=" --enable-session-affinity='false'" subsys=daemon level=info msg=" --enable-srv6='false'" subsys=daemon level=info msg=" --enable-stale-cilium-endpoint-cleanup='true'" subsys=daemon level=info msg=" --enable-svc-source-range-check='true'" subsys=daemon level=info msg=" --enable-tracing='false'" subsys=daemon level=info msg=" --enable-unreachable-routes='false'" subsys=daemon level=info msg=" --enable-vtep='false'" subsys=daemon level=info msg=" --enable-well-known-identities='false'" subsys=daemon level=info msg=" --enable-wireguard='false'" subsys=daemon level=info msg=" --enable-wireguard-userspace-fallback='false'" subsys=daemon level=info msg=" --enable-xdp-prefilter='false'" subsys=daemon level=info msg=" --enable-xt-socket-fallback='true'" subsys=daemon level=info msg=" --encrypt-interface=''" subsys=daemon level=info msg=" --encrypt-node='false'" subsys=daemon level=info msg=" --endpoint-gc-interval='5m0s'" subsys=daemon level=info msg=" --endpoint-queue-size='25'" subsys=daemon level=info msg=" --endpoint-status=''" subsys=daemon level=info msg=" --envoy-config-timeout='2m0s'" subsys=daemon level=info msg=" --envoy-log=''" subsys=daemon level=info msg=" --exclude-local-address=''" subsys=daemon level=info msg=" --external-envoy-proxy='false'" subsys=daemon level=info msg=" --fixed-identity-mapping=''" subsys=daemon level=info msg=" --fqdn-regex-compile-lru-size='1024'" subsys=daemon level=info msg=" --gops-port='9890'" subsys=daemon level=info msg=" --http-403-msg=''" subsys=daemon level=info msg=" --http-idle-timeout='0'" subsys=daemon level=info msg=" --http-max-grpc-timeout='0'" subsys=daemon level=info msg=" --http-normalize-path='true'" subsys=daemon level=info msg=" --http-request-timeout='3600'" subsys=daemon level=info msg=" --http-retry-count='3'" subsys=daemon level=info msg=" --http-retry-timeout='0'" subsys=daemon level=info msg=" --hubble-disable-tls='false'" subsys=daemon level=info msg=" --hubble-event-buffer-capacity='4095'" subsys=daemon level=info msg=" --hubble-event-queue-size='0'" subsys=daemon level=info msg=" --hubble-export-file-compress='false'" subsys=daemon level=info msg=" --hubble-export-file-max-backups='5'" subsys=daemon level=info msg=" --hubble-export-file-max-size-mb='10'" subsys=daemon level=info msg=" --hubble-export-file-path=''" subsys=daemon level=info msg=" --hubble-listen-address=''" subsys=daemon level=info msg=" --hubble-metrics=''" subsys=daemon level=info msg=" --hubble-metrics-server=''" subsys=daemon level=info msg=" --hubble-monitor-events=''" subsys=daemon level=info msg=" --hubble-prefer-ipv6='false'" subsys=daemon level=info msg=" --hubble-recorder-sink-queue-size='1024'" subsys=daemon level=info msg=" --hubble-recorder-storage-path='/var/run/cilium/pcaps'" subsys=daemon level=info msg=" --hubble-skip-unknown-cgroup-ids='true'" subsys=daemon level=info msg=" --hubble-socket-path='/var/run/cilium/hubble.sock'" subsys=daemon level=info msg=" --hubble-tls-cert-file=''" subsys=daemon level=info msg=" --hubble-tls-client-ca-files=''" subsys=daemon level=info msg=" --hubble-tls-key-file=''" subsys=daemon level=info msg=" --identity-allocation-mode='crd'" subsys=daemon level=info msg=" --identity-change-grace-period='5s'" subsys=daemon level=info msg=" --identity-gc-interval='15m0s'" subsys=daemon level=info msg=" --identity-heartbeat-timeout='30m0s'" subsys=daemon level=info msg=" --identity-restore-grace-period='10m0s'" subsys=daemon level=info msg=" --install-egress-gateway-routes='false'" subsys=daemon level=info msg=" --install-iptables-rules='true'" subsys=daemon level=info msg=" --install-no-conntrack-iptables-rules='false'" subsys=daemon level=info msg=" --ip-allocation-timeout='2m0s'" subsys=daemon level=info msg=" --ip-masq-agent-config-path='/etc/config/ip-masq-agent'" subsys=daemon level=info msg=" --ipam='cluster-pool'" subsys=daemon level=info msg=" --ipam-cilium-node-update-rate='15s'" subsys=daemon level=info msg=" --ipam-multi-pool-pre-allocation='default=8'" subsys=daemon level=info msg=" --ipsec-key-file=''" subsys=daemon level=info msg=" --ipsec-key-rotation-duration='5m0s'" subsys=daemon level=info msg=" --iptables-lock-timeout='5s'" subsys=daemon level=info msg=" --iptables-random-fully='false'" subsys=daemon level=info msg=" --ipv4-native-routing-cidr=''" subsys=daemon level=info msg=" --ipv4-node='auto'" subsys=daemon level=info msg=" --ipv4-pod-subnets=''" subsys=daemon level=info msg=" --ipv4-range='auto'" subsys=daemon level=info msg=" --ipv4-service-loopback-address='169.254.42.1'" subsys=daemon level=info msg=" --ipv4-service-range='auto'" subsys=daemon level=info msg=" --ipv6-cluster-alloc-cidr='f00d::/64'" subsys=daemon level=info msg=" --ipv6-mcast-device=''" subsys=daemon level=info msg=" --ipv6-native-routing-cidr=''" subsys=daemon level=info msg=" --ipv6-node='auto'" subsys=daemon level=info msg=" --ipv6-pod-subnets=''" subsys=daemon level=info msg=" --ipv6-range='auto'" subsys=daemon level=info msg=" --ipv6-service-range='auto'" subsys=daemon level=info msg=" --join-cluster='false'" subsys=daemon level=info msg=" --k8s-api-server=''" subsys=daemon level=info msg=" --k8s-client-burst='10'" subsys=daemon level=info msg=" --k8s-client-qps='5'" subsys=daemon level=info msg=" --k8s-heartbeat-timeout='30s'" subsys=daemon level=info msg=" --k8s-kubeconfig-path=''" subsys=daemon level=info msg=" --k8s-namespace='kube-system'" subsys=daemon level=info msg=" --k8s-require-ipv4-pod-cidr='false'" subsys=daemon level=info msg=" --k8s-require-ipv6-pod-cidr='false'" subsys=daemon level=info msg=" --k8s-service-cache-size='128'" subsys=daemon level=info msg=" --k8s-service-proxy-name=''" subsys=daemon level=info msg=" --k8s-sync-timeout='3m0s'" subsys=daemon level=info msg=" --k8s-watcher-endpoint-selector='metadata.name!=kube-scheduler,metadata.name!=kube-controller-manager,metadata.name!=etcd-operator,metadata.name!=gcp-controller-manager'" subsys=daemon level=info msg=" --keep-config='false'" subsys=daemon level=info msg=" --kube-proxy-replacement='disabled'" subsys=daemon level=info msg=" --kube-proxy-replacement-healthz-bind-address=''" subsys=daemon level=info msg=" --kvstore=''" subsys=daemon level=info msg=" --kvstore-connectivity-timeout='2m0s'" subsys=daemon level=info msg=" --kvstore-lease-ttl='15m0s'" subsys=daemon level=info msg=" --kvstore-max-consecutive-quorum-errors='2'" subsys=daemon level=info msg=" --kvstore-opt=''" subsys=daemon level=info msg=" --kvstore-periodic-sync='5m0s'" subsys=daemon level=info msg=" --l2-announcements-lease-duration='15s'" subsys=daemon level=info msg=" --l2-announcements-renew-deadline='5s'" subsys=daemon level=info msg=" --l2-announcements-retry-period='2s'" subsys=daemon level=info msg=" --l2-pod-announcements-interface=''" subsys=daemon level=info msg=" --label-prefix-file=''" subsys=daemon level=info msg=" --labels=''" subsys=daemon level=info msg=" --lib-dir='/var/lib/cilium'" subsys=daemon level=info msg=" --local-max-addr-scope='252'" subsys=daemon level=info msg=" --local-router-ipv4=''" subsys=daemon level=info msg=" --local-router-ipv6=''" subsys=daemon level=info msg=" --log-driver=''" subsys=daemon level=info msg=" --log-opt=''" subsys=daemon level=info msg=" --log-system-load='false'" subsys=daemon level=info msg=" --max-controller-interval='0'" subsys=daemon level=info msg=" --mesh-auth-enabled='true'" subsys=daemon level=info msg=" --mesh-auth-gc-interval='5m0s'" subsys=daemon level=info msg=" --mesh-auth-mutual-listener-port='0'" subsys=daemon level=info msg=" --mesh-auth-queue-size='1024'" subsys=daemon level=info msg=" --mesh-auth-rotated-identities-queue-size='1024'" subsys=daemon level=info msg=" --mesh-auth-signal-backoff-duration='1s'" subsys=daemon level=info msg=" --mesh-auth-spiffe-trust-domain='spiffe.cilium'" subsys=daemon level=info msg=" --mesh-auth-spire-admin-socket=''" subsys=daemon level=info msg=" --metrics=''" subsys=daemon level=info msg=" --mke-cgroup-mount=''" subsys=daemon level=info msg=" --monitor-aggregation='medium'" subsys=daemon level=info msg=" --monitor-aggregation-flags='all'" subsys=daemon level=info msg=" --monitor-aggregation-interval='5s'" subsys=daemon level=info msg=" --monitor-queue-size='0'" subsys=daemon level=info msg=" --mtu='0'" subsys=daemon level=info msg=" --node-encryption-opt-out-labels='node-role.kubernetes.io/control-plane'" subsys=daemon level=info msg=" --node-port-acceleration='disabled'" subsys=daemon level=info msg=" --node-port-algorithm='random'" subsys=daemon level=info msg=" --node-port-bind-protection='true'" subsys=daemon level=info msg=" --node-port-mode='snat'" subsys=daemon level=info msg=" --node-port-range='30000,32767'" subsys=daemon level=info msg=" --nodes-gc-interval='5m0s'" subsys=daemon level=info msg=" --operator-api-serve-addr='127.0.0.1:9234'" subsys=daemon level=info msg=" --policy-audit-mode='false'" subsys=daemon level=info msg=" --policy-queue-size='100'" subsys=daemon level=info msg=" --policy-trigger-interval='1s'" subsys=daemon level=info msg=" --pprof='false'" subsys=daemon level=info msg=" --pprof-address='localhost'" subsys=daemon level=info msg=" --pprof-port='6060'" subsys=daemon level=info msg=" --preallocate-bpf-maps='false'" subsys=daemon level=info msg=" --prepend-iptables-chains='true'" subsys=daemon level=info msg=" --procfs='/host/proc'" subsys=daemon level=info msg=" --prometheus-serve-addr=':9962'" subsys=daemon level=info msg=" --proxy-connect-timeout='2'" subsys=daemon level=info msg=" --proxy-gid='1337'" subsys=daemon level=info msg=" --proxy-idle-timeout-seconds='60'" subsys=daemon level=info msg=" --proxy-max-connection-duration-seconds='0'" subsys=daemon level=info msg=" --proxy-max-requests-per-connection='0'" subsys=daemon level=info msg=" --proxy-prometheus-port='9964'" subsys=daemon level=info msg=" --read-cni-conf=''" subsys=daemon level=info msg=" --remove-cilium-node-taints='true'" subsys=daemon level=info msg=" --restore='true'" subsys=daemon level=info msg=" --route-metric='0'" subsys=daemon level=info msg=" --routing-mode='tunnel'" subsys=daemon level=info msg=" --set-cilium-is-up-condition='true'" subsys=daemon level=info msg=" --set-cilium-node-taints='true'" subsys=daemon level=info msg=" --sidecar-istio-proxy-image='cilium/istio_proxy'" subsys=daemon level=info msg=" --single-cluster-route='false'" subsys=daemon level=info msg=" --skip-cnp-status-startup-clean='false'" subsys=daemon level=info msg=" --socket-path='/var/run/cilium/cilium.sock'" subsys=daemon level=info msg=" --srv6-encap-mode='reduced'" subsys=daemon level=info msg=" --state-dir='/var/run/cilium'" subsys=daemon level=info msg=" --synchronize-k8s-nodes='true'" subsys=daemon level=info msg=" --tofqdns-dns-reject-response-code='refused'" subsys=daemon level=info msg=" --tofqdns-enable-dns-compression='true'" subsys=daemon level=info msg=" --tofqdns-endpoint-max-ip-per-hostname='50'" subsys=daemon level=info msg=" --tofqdns-idle-connection-grace-period='0s'" subsys=daemon level=info msg=" --tofqdns-max-deferred-connection-deletes='10000'" subsys=daemon level=info msg=" --tofqdns-min-ttl='0'" subsys=daemon level=info msg=" --tofqdns-pre-cache=''" subsys=daemon level=info msg=" --tofqdns-proxy-port='0'" subsys=daemon level=info msg=" --tofqdns-proxy-response-max-delay='100ms'" subsys=daemon level=info msg=" --trace-payloadlen='128'" subsys=daemon level=info msg=" --trace-sock='true'" subsys=daemon level=info msg=" --tunnel=''" subsys=daemon level=info msg=" --tunnel-port='6082'" subsys=daemon level=info msg=" --tunnel-protocol='geneve'" subsys=daemon level=info msg=" --unmanaged-pod-watcher-interval='15'" subsys=daemon level=info msg=" --use-cilium-internal-ip-for-ipsec='false'" subsys=daemon level=info msg=" --version='false'" subsys=daemon level=info msg=" --vlan-bpf-bypass=''" subsys=daemon level=info msg=" --vtep-cidr=''" subsys=daemon level=info msg=" --vtep-endpoint=''" subsys=daemon level=info msg=" --vtep-mac=''" subsys=daemon level=info msg=" --vtep-mask=''" subsys=daemon level=info msg=" --wireguard-encapsulate='false'" subsys=daemon level=info msg=" --write-cni-conf-when-ready='/host/etc/cni/net.d/05-cilium.conflist'" subsys=daemon level=info msg=" _ _ _" subsys=daemon level=info msg=" ___|_| |_|_ _ _____" subsys=daemon level=info msg="| _| | | | | | |" subsys=daemon level=info msg="|___|_|_|_|___|_|_|_|" subsys=daemon level=info msg="Cilium 1.14.8 cf6e022e 2024-03-13T12:23:35-04:00 go version go1.21.8 linux/amd64" subsys=daemon level=info msg="clang (10.0.0) and kernel (5.15.0) versions: OK!" subsys=linux-datapath level=info msg="linking environment: OK!" subsys=linux-datapath level=info msg="Kernel config file not found: if the agent fails to start, check the system requirements at https://docs.cilium.io/en/stable/operations/system_requirements" subsys=probes level=info msg="Detected mounted BPF filesystem at /sys/fs/bpf" subsys=bpf level=info msg="Mounted cgroupv2 filesystem at /run/cilium/cgroupv2" subsys=cgroups level=info msg="Parsing base label prefixes from default label list" subsys=labels-filter level=info msg="Parsing additional label prefixes from user inputs: []" subsys=labels-filter level=info msg="Final label prefixes to be used for identity evaluation:" subsys=labels-filter level=info msg=" - reserved:.*" subsys=labels-filter level=info msg=" - :io\\.kubernetes\\.pod\\.namespace" subsys=labels-filter level=info msg=" - :io\\.cilium\\.k8s\\.namespace\\.labels" subsys=labels-filter level=info msg=" - :app\\.kubernetes\\.io" subsys=labels-filter level=info msg=" - !:io\\.kubernetes" subsys=labels-filter level=info msg=" - !:kubernetes\\.io" subsys=labels-filter level=info msg=" - !:.*beta\\.kubernetes\\.io" subsys=labels-filter level=info msg=" - !:k8s\\.io" subsys=labels-filter level=info msg=" - !:pod-template-generation" subsys=labels-filter level=info msg=" - !:pod-template-hash" subsys=labels-filter level=info msg=" - !:controller-revision-hash" subsys=labels-filter level=info msg=" - !:annotation.*" subsys=labels-filter level=info msg=" - !:etcd_node" subsys=labels-filter level=info msg=Invoked duration="740.146µs" function="pprof.glob..func1 (cell.go:50)" subsys=hive level=info msg=Invoked duration="62.323µs" function="gops.registerGopsHooks (cell.go:38)" subsys=hive level=info msg=Invoked duration="835.641µs" function="metrics.NewRegistry (registry.go:65)" subsys=hive level=info msg=Invoked duration="9.75µs" function="metrics.glob..func1 (cell.go:12)" subsys=hive level=info msg="Spire Delegate API Client is disabled as no socket path is configured" subsys=spire-delegate level=info msg="Mutual authentication handler is disabled as no port is configured" subsys=auth level=info msg=Invoked duration=96.574477ms function="cmd.glob..func4 (daemon_main.go:1607)" subsys=hive level=info msg=Invoked duration="15.39µs" function="gc.registerSignalHandler (cell.go:47)" subsys=hive level=info msg=Invoked duration="90.463µs" function="utime.initUtimeSync (cell.go:29)" subsys=hive level=info msg=Invoked duration="143.505µs" function="agentliveness.newAgentLivenessUpdater (agent_liveness.go:43)" subsys=hive level=info msg=Invoked duration="144.356µs" function="l2responder.NewL2ResponderReconciler (l2responder.go:63)" subsys=hive level=info msg=Invoked duration="140.384µs" function="garp.newGARPProcessor (processor.go:27)" subsys=hive level=info msg=Starting subsys=hive level=info msg="Started gops server" address="127.0.0.1:9890" subsys=gops level=info msg="Start hook executed" duration="469.668µs" function="gops.registerGopsHooks.func1 (cell.go:43)" subsys=hive level=info msg="Start hook executed" duration="2.26µs" function="metrics.NewRegistry.func1 (registry.go:86)" subsys=hive level=info msg="Establishing connection to apiserver" host="https://10.96.0.1:443" subsys=k8s-client level=info msg="Serving prometheus metrics on :9962" subsys=metrics level=info msg="Connected to apiserver" subsys=k8s-client level=info msg="Start hook executed" duration=10.291802ms function="client.(*compositeClientset).onStart" subsys=hive level=info msg="Start hook executed" duration=6.631319ms function="authmap.newAuthMap.func1 (cell.go:27)" subsys=hive level=info msg="Start hook executed" duration="67.403µs" function="configmap.newMap.func1 (cell.go:23)" subsys=hive level=info msg="Start hook executed" duration="57.931µs" function="signalmap.newMap.func1 (cell.go:44)" subsys=hive level=info msg="Start hook executed" duration="473.907µs" function="nodemap.newNodeMap.func1 (cell.go:23)" subsys=hive level=info msg="Start hook executed" duration="139.186µs" function="eventsmap.newEventsMap.func1 (cell.go:35)" subsys=hive level=info msg="Start hook executed" duration="147.545µs" function="*cni.cniConfigManager.Start" subsys=hive level=info msg="Generating CNI configuration file with mode none" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Wrote CNI configuration file to /host/etc/cni/net.d/05-cilium.conflist" subsys=cni-config level=info msg="Generating CNI configuration file with mode none" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Activity in /host/etc/cni/net.d/, re-generating CNI configuration" subsys=cni-config level=info msg="Generating CNI configuration file with mode none" subsys=cni-config level=info msg="Generating CNI configuration file with mode none" subsys=cni-config level=info msg="Start hook executed" duration=43.616145ms function="datapath.newDatapath.func1 (cells.go:113)" subsys=hive level=info msg="Restored 0 node IDs from the BPF map" subsys=linux-datapath level=info msg="Start hook executed" duration="205.637µs" function="datapath.newDatapath.func2 (cells.go:126)" subsys=hive level=info msg="Start hook executed" duration="13.141µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Node].Start" subsys=hive level=info msg="Start hook executed" duration="2.74µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2.CiliumNode].Start" subsys=hive level=info msg="Using autogenerated IPv4 allocation range" subsys=node v4Prefix=10.223.0.0/16 level=info msg="no local ciliumnode found, will not restore cilium internal ips from k8s" subsys=daemon level=info msg="Start hook executed" duration=103.516078ms function="node.NewLocalNodeStore.func1 (local_node_store.go:76)" subsys=hive level=info msg="Start hook executed" duration="4.47µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Service].Start" subsys=hive level=info msg="Start hook executed" duration=100.450656ms function="*manager.diffStore[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Service].Start" subsys=hive level=info msg="Start hook executed" duration="7.06µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s.Endpoints].Start" subsys=hive level=info msg="Using discoveryv1.EndpointSlice" subsys=k8s level=info msg="Start hook executed" duration=100.209451ms function="*manager.diffStore[*github.com/cilium/cilium/pkg/k8s.Endpoints].Start" subsys=hive level=info msg="Start hook executed" duration="5.071µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Pod].Start" subsys=hive level=info msg="Start hook executed" duration="2.19µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/slim/k8s/api/core/v1.Namespace].Start" subsys=hive level=info msg="Start hook executed" duration="6.501µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2.CiliumNetworkPolicy].Start" subsys=hive level=info msg="Start hook executed" duration="1.65µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2.CiliumClusterwideNetworkPolicy].Start" subsys=hive level=info msg="Start hook executed" duration="4.58µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1.CiliumCIDRGroup].Start" subsys=hive level=info msg="Start hook executed" duration="26.591µs" function="endpointmanager.newDefaultEndpointManager.func1 (cell.go:203)" subsys=hive level=info msg="Start hook executed" duration="14.48µs" function="cmd.newPolicyTrifecta.func1 (policy.go:135)" subsys=hive level=info msg="Start hook executed" duration="35.402µs" function="*manager.manager.Start" subsys=hive level=info msg="Serving cilium node monitor v1.2 API at unix:///var/run/cilium/monitor1_2.sock" subsys=monitor-agent level=info msg="Start hook executed" duration="366.953µs" function="agent.newMonitorAgent.func1 (cell.go:61)" subsys=hive level=info msg="Start hook executed" duration="3.46µs" function="*resource.resource[*github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1.CiliumL2AnnouncementPolicy].Start" subsys=hive level=info msg="Start hook executed" duration="8.011µs" function="*job.group.Start" subsys=hive level=info msg="Start hook executed" duration="217.738µs" function="proxy.newProxy.func1 (cell.go:55)" subsys=hive level=info msg="Envoy: Starting xDS gRPC server listening on /var/run/cilium/envoy/sockets/xds.sock" subsys=envoy-manager level=info msg="Start hook executed" duration="447.646µs" function="signal.provideSignalManager.func1 (cell.go:25)" subsys=hive level=info msg="Datapath signal listener running" subsys=signal level=info msg="Start hook executed" duration=1.361658ms function="auth.registerAuthManager.func1 (cell.go:109)" subsys=hive level=info msg="Start hook executed" duration="39.041µs" function="auth.registerGCJobs.func1 (cell.go:158)" subsys=hive level=info msg="Start hook executed" duration="26.52µs" function="*job.group.Start" subsys=hive level=warning msg="Deprecated value for --kube-proxy-replacement: disabled (use either \"true\", or \"false\")" subsys=daemon level=info msg="Auto-disabling \"enable-node-port\", \"enable-external-ips\", \"bpf-lb-sock\", \"enable-host-port\" features and falling back to \"enable-host-legacy-routing\"" subsys=daemon level=info msg="Inheriting MTU from external network interface" device=ens3 ipAddr=199.204.45.223 mtu=1500 subsys=mtu level=info msg="Removed map pin at /sys/fs/bpf/tc/globals/cilium_ipcache, recreating and re-pinning map cilium_ipcache" file-path=/sys/fs/bpf/tc/globals/cilium_ipcache name=cilium_ipcache subsys=bpf level=info msg="Removed map pin at /sys/fs/bpf/tc/globals/cilium_tunnel_map, recreating and re-pinning map cilium_tunnel_map" file-path=/sys/fs/bpf/tc/globals/cilium_tunnel_map name=cilium_tunnel_map subsys=bpf level=info msg="Restored services from maps" failedServices=0 restoredServices=0 subsys=service level=info msg="Restored backends from maps" failedBackends=0 restoredBackends=0 skippedBackends=0 subsys=service level=info msg="Reading old endpoints..." subsys=daemon level=info msg="No old endpoints found." subsys=daemon level=info msg="Waiting until all Cilium CRDs are available" subsys=k8s level=info msg="All Cilium CRDs have been found and are available" subsys=k8s level=info msg="Creating or updating CiliumNode resource" node=instance subsys=nodediscovery level=info msg="Creating or updating CiliumNode resource" node=instance subsys=nodediscovery level=warning msg="Unable to get node resource" error="ciliumnodes.cilium.io \"instance\" not found" subsys=nodediscovery level=warning msg="Unable to get node resource" error="ciliumnodes.cilium.io \"instance\" not found" subsys=nodediscovery level=info msg="Successfully created CiliumNode resource" subsys=nodediscovery level=warning msg="Unable to create CiliumNode resource, will retry" error="ciliumnodes.cilium.io \"instance\" already exists" subsys=nodediscovery level=info msg="Retrieved node information from cilium node" nodeName=instance subsys=k8s level=warning msg="Waiting for k8s node information" error="required IPv4 PodCIDR not available" subsys=k8s level=info msg="Retrieved node information from cilium node" nodeName=instance subsys=k8s level=info msg="Received own node information from API server" ipAddr.ipv4=199.204.45.223 ipAddr.ipv6="" k8sNodeIP=199.204.45.223 labels="map[beta.kubernetes.io/arch:amd64 beta.kubernetes.io/os:linux kubernetes.io/arch:amd64 kubernetes.io/hostname:instance kubernetes.io/os:linux node-role.kubernetes.io/control-plane: node.kubernetes.io/exclude-from-external-load-balancers:]" nodeName=instance subsys=k8s v4Prefix=10.0.0.0/24 v6Prefix="" level=info msg="k8s mode: Allowing localhost to reach local endpoints" subsys=daemon level=info msg="Detected devices" devices="[]" subsys=linux-datapath level=info msg="Enabling k8s event listener" subsys=k8s-watcher level=info msg="Removing stale endpoint interfaces" subsys=daemon level=info msg="Skipping kvstore configuration" subsys=daemon level=info msg="Initializing node addressing" subsys=daemon level=info msg="Initializing cluster-pool IPAM" subsys=ipam v4Prefix=10.0.0.0/24 v6Prefix="" level=info msg="Waiting until local node addressing before starting watchers depending on it" subsys=k8s-watcher level=info msg="Restoring endpoints..." subsys=daemon level=info msg="Endpoints restored" failed=0 restored=0 subsys=daemon level=info msg="Addressing information:" subsys=daemon level=info msg=" Cluster-Name: default" subsys=daemon level=info msg=" Cluster-ID: 0" subsys=daemon level=info msg=" Local node-name: instance" subsys=daemon level=info msg=" Node-IPv6: " subsys=daemon level=info msg=" External-Node IPv4: 199.204.45.223" subsys=daemon level=info msg=" Internal-Node IPv4: 10.0.0.98" subsys=daemon level=info msg=" IPv4 allocation prefix: 10.0.0.0/24" subsys=daemon level=info msg=" Loopback IPv4: 169.254.42.1" subsys=daemon level=info msg=" Local IPv4 addresses:" subsys=daemon level=info msg=" - 199.204.45.223" subsys=daemon level=info msg=" - 172.17.0.100" subsys=daemon level=info msg="Node updated" clusterName=default nodeName=instance subsys=nodemanager level=info msg="Creating or updating CiliumNode resource" node=instance subsys=nodediscovery level=info msg="Adding local node to cluster" node="{instance default [{InternalIP 199.204.45.223} {CiliumInternalIP 10.0.0.98}] 10.0.0.0/24 [] [] 10.0.0.232 0 local 0 map[beta.kubernetes.io/arch:amd64 beta.kubernetes.io/os:linux kubernetes.io/arch:amd64 kubernetes.io/hostname:instance kubernetes.io/os:linux node-role.kubernetes.io/control-plane: node.kubernetes.io/exclude-from-external-load-balancers:] map[] 1 }" subsys=nodediscovery level=info msg="Waiting until all pre-existing resources have been received" subsys=k8s-watcher level=info msg="Initializing identity allocator" subsys=identity-cache level=info msg="Allocating identities between range" cluster-id=0 max=65535 min=256 subsys=identity-cache level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.forwarding sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.rp_filter sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.accept_local sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_host.send_redirects sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.forwarding sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.rp_filter sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.accept_local sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.cilium_net.send_redirects sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.core.bpf_jit_enable sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.conf.all.rp_filter sysParamValue=0 level=info msg="Setting sysctl" subsys=sysctl sysParamName=net.ipv4.fib_multipath_use_neigh sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=kernel.unprivileged_bpf_disabled sysParamValue=1 level=info msg="Setting sysctl" subsys=sysctl sysParamName=kernel.timer_migration sysParamValue=0 level=info msg="Setting up BPF datapath" bpfClockSource=ktime bpfInsnSet="" subsys=datapath-loader level=info msg="Iptables rules installed" subsys=iptables level=info msg="Adding new proxy port rules for cilium-dns-egress:45485" id=cilium-dns-egress subsys=proxy level=info msg="Iptables proxy rules installed" subsys=iptables level=info msg="Start hook executed" duration=2.33964501s function="cmd.newDaemonPromise.func1 (daemon_main.go:1663)" subsys=hive level=info msg="Start hook executed" duration="78.772µs" function="utime.initUtimeSync.func1 (cell.go:33)" subsys=hive level=info msg="Start hook executed" duration="4.83µs" function="*job.group.Start" subsys=hive level=info msg="Start hook executed" duration="23.061µs" function="l2respondermap.newMap.func1 (l2_responder_map4.go:44)" subsys=hive level=info msg="Start hook executed" duration="2.61µs" function="*job.group.Start" subsys=hive level=info msg="Starting IP identity watcher" subsys=ipcache level=info msg="Initializing daemon" subsys=daemon level=info msg="Validating configured node address ranges" subsys=daemon level=info msg="Starting connection tracking garbage collector" subsys=daemon level=info msg="Initial scan of connection tracking completed" subsys=ct-gc level=info msg="Regenerating restored endpoints" numRestored=0 subsys=daemon level=info msg="Creating host endpoint" subsys=daemon level=info msg="Finished regenerating restored endpoints" regenerated=0 subsys=daemon total=0 level=info msg="Deleted orphan backends" orphanBackends=0 subsys=service level=info msg="New endpoint" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=4078 ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=4078 identityLabels="k8s:node-role.kubernetes.io/control-plane,k8s:node.kubernetes.io/exclude-from-external-load-balancers,reserved:host" ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="Identity of endpoint changed" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=4078 identity=1 identityLabels="k8s:node-role.kubernetes.io/control-plane,k8s:node.kubernetes.io/exclude-from-external-load-balancers,reserved:host" ipv4= ipv6= k8sPodName=/ oldIdentity="no identity" subsys=endpoint level=info msg="Launching Cilium health daemon" subsys=daemon level=info msg="Launching Cilium health endpoint" subsys=daemon level=info msg="Started healthz status API server" address="127.0.0.1:9879" subsys=daemon level=info msg="Processing queued endpoint deletion requests from /var/run/cilium/deleteQueue" subsys=daemon level=info msg="processing 0 queued deletion requests" subsys=daemon level=info msg="Initializing Cilium API" subsys=daemon level=info msg="Daemon initialization completed" bootstrapTime=3.24140374s subsys=daemon level=info msg="Hubble server is disabled" subsys=hubble level=info msg="Serving cilium API at unix:///var/run/cilium/cilium.sock" subsys=daemon level=info msg="Compiled new BPF template" BPFCompilationTime=312.480297ms file-path=/var/run/cilium/state/templates/47d56c1d35085eb4012d920aca0869d83b65560ea151e40b002b9287a9d3ca1e/bpf_host.o subsys=datapath-loader level=info msg="Create endpoint request" addressing="&{10.0.0.187 e163a953-5e95-4913-9069-bf33d63f32bd default }" containerID=b229f1739ef773c45227a04fa0362849045278143f8fd3caa2f810682c9e2492 datapathConfiguration="&{false false false false false }" interface=lxc308779e87ae4 k8sPodName=kube-system/coredns-7c96b6546b-72qhp labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=b229f1739e datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2919 ipv4=10.0.0.187 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-72qhp subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=b229f1739e datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2919 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.187 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-72qhp subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:kube-system]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Invalid state transition skipped" containerID=b229f1739e datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2919 endpointState.from=waiting-for-identity endpointState.to=waiting-to-regenerate file=/go/src/github.com/cilium/cilium/pkg/endpoint/policy.go ipv4=10.0.0.187 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-72qhp line=611 subsys=endpoint level=info msg="Allocated new global key" key="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=coredns;k8s:io.kubernetes.pod.namespace=kube-system;k8s:k8s-app=kube-dns;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=b229f1739e datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2919 identity=32198 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.187 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-72qhp oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=b229f1739e datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2919 identity=32198 ipv4=10.0.0.187 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-72qhp subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.64 fb06478c-766d-4380-85b1-6197564e0287 default }" containerID=0066abc28944943368db22a570221c3a7044605fccd45ea8de446aa9279e3cb6 datapathConfiguration="&{false false false false false }" interface=lxc58c005ee0f0e k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-f6xnz labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=0066abc289 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=566 ipv4=10.0.0.64 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-f6xnz subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=0066abc289 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=566 identityLabels="k8s:app=certgen,k8s:batch.kubernetes.io/controller-uid=e5a60108-80fd-462b-b68e-1b217e5995df,k8s:batch.kubernetes.io/job-name=envoy-gateway-gateway-helm-certgen,k8s:controller-uid=e5a60108-80fd-462b-b68e-1b217e5995df,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system,k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway-gateway-helm-certgen,k8s:io.kubernetes.pod.namespace=envoy-gateway-system,k8s:job-name=envoy-gateway-gateway-helm-certgen" ipv4=10.0.0.64 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-f6xnz subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:envoy-gateway-system k8s:io.cilium.k8s.namespace.labels.name:envoy-gateway-system]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app=certgen;k8s:batch.kubernetes.io/controller-uid=e5a60108-80fd-462b-b68e-1b217e5995df;k8s:batch.kubernetes.io/job-name=envoy-gateway-gateway-helm-certgen;k8s:controller-uid=e5a60108-80fd-462b-b68e-1b217e5995df;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system;k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway-gateway-helm-certgen;k8s:io.kubernetes.pod.namespace=envoy-gateway-system;k8s:job-name=envoy-gateway-gateway-helm-certgen;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=0066abc289 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=566 identity=18277 identityLabels="k8s:app=certgen,k8s:batch.kubernetes.io/controller-uid=e5a60108-80fd-462b-b68e-1b217e5995df,k8s:batch.kubernetes.io/job-name=envoy-gateway-gateway-helm-certgen,k8s:controller-uid=e5a60108-80fd-462b-b68e-1b217e5995df,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system,k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway-gateway-helm-certgen,k8s:io.kubernetes.pod.namespace=envoy-gateway-system,k8s:job-name=envoy-gateway-gateway-helm-certgen" ipv4=10.0.0.64 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-f6xnz oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=0066abc289 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=566 identity=18277 ipv4=10.0.0.64 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-f6xnz subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID= datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=4078 identity=1 ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="New endpoint" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3054 ipv4=10.0.0.232 ipv6= k8sPodName=/ subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3054 identityLabels="reserved:health" ipv4=10.0.0.232 ipv6= k8sPodName=/ subsys=endpoint level=info msg="Identity of endpoint changed" containerID= datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3054 identity=4 identityLabels="reserved:health" ipv4=10.0.0.232 ipv6= k8sPodName=/ oldIdentity="no identity" subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Compiled new BPF template" BPFCompilationTime=1.086239056s file-path=/var/run/cilium/state/templates/2a3ce1470c11ede8fb0cfa5a1a9a7629f380efb247db42a982ceb8b07eebbca8/bpf_lxc.o subsys=datapath-loader level=info msg="Rewrote endpoint BPF program" containerID= datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=3054 identity=4 ipv4=10.0.0.232 ipv6= k8sPodName=/ subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=b229f1739e datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=2919 identity=32198 ipv4=10.0.0.187 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-72qhp subsys=endpoint level=info msg="Successful endpoint creation" containerID=b229f1739e datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=2919 identity=32198 ipv4=10.0.0.187 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-72qhp subsys=daemon level=info msg="Rewrote endpoint BPF program" containerID=0066abc289 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=566 identity=18277 ipv4=10.0.0.64 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-f6xnz subsys=endpoint level=info msg="Successful endpoint creation" containerID=0066abc289 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=566 identity=18277 ipv4=10.0.0.64 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-f6xnz subsys=daemon level=info msg="Serving cilium health API at unix:///var/run/cilium/health.sock" subsys=health-server level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=0066abc289 endpointID=566 k8sNamespace=envoy-gateway-system k8sPodName=envoy-gateway-gateway-helm-certgen-f6xnz subsys=daemon level=info msg="Releasing key" key="[k8s:app=certgen k8s:batch.kubernetes.io/controller-uid=e5a60108-80fd-462b-b68e-1b217e5995df k8s:batch.kubernetes.io/job-name=envoy-gateway-gateway-helm-certgen k8s:controller-uid=e5a60108-80fd-462b-b68e-1b217e5995df k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway-gateway-helm-certgen k8s:io.kubernetes.pod.namespace=envoy-gateway-system k8s:job-name=envoy-gateway-gateway-helm-certgen]" subsys=allocator level=info msg="Removed endpoint" containerID=0066abc289 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=566 identity=18277 ipv4=10.0.0.64 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-gateway-helm-certgen-f6xnz subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.135 9a8fe12f-9700-4e7d-9d38-043d5fec9edc default }" containerID=cc72431dd626cfe6e1accec1d5102c6a535c7c932142d49d1f314f5cd1ea654a datapathConfiguration="&{false false false false false }" interface=lxca9c7caf2ed53 k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-h65jr labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=cc72431dd6 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3555 ipv4=10.0.0.135 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-h65jr subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=cc72431dd6 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3555 identityLabels="k8s:app.kubernetes.io/instance=envoy-gateway,k8s:app.kubernetes.io/name=gateway-helm,k8s:control-plane=envoy-gateway,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system,k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway,k8s:io.kubernetes.pod.namespace=envoy-gateway-system" ipv4=10.0.0.135 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-h65jr subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:envoy-gateway-system k8s:io.cilium.k8s.namespace.labels.name:envoy-gateway-system]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/instance=envoy-gateway;k8s:app.kubernetes.io/name=gateway-helm;k8s:control-plane=envoy-gateway;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system;k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway;k8s:io.kubernetes.pod.namespace=envoy-gateway-system;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=cc72431dd6 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3555 identity=48939 identityLabels="k8s:app.kubernetes.io/instance=envoy-gateway,k8s:app.kubernetes.io/name=gateway-helm,k8s:control-plane=envoy-gateway,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=envoy-gateway-system,k8s:io.cilium.k8s.namespace.labels.name=envoy-gateway-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=envoy-gateway,k8s:io.kubernetes.pod.namespace=envoy-gateway-system" ipv4=10.0.0.135 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-h65jr oldIdentity="no identity" subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Waiting for endpoint to be generated" containerID=cc72431dd6 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3555 identity=48939 ipv4=10.0.0.135 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-h65jr subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=cc72431dd6 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=3555 identity=48939 ipv4=10.0.0.135 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-h65jr subsys=endpoint level=info msg="Successful endpoint creation" containerID=cc72431dd6 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=3555 identity=48939 ipv4=10.0.0.135 ipv6= k8sPodName=envoy-gateway-system/envoy-gateway-78446f96c9-h65jr subsys=daemon level=info msg="Resolving identity labels (blocking)" containerID= datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=4078 identity=1 identityLabels="k8s:ceph=enabled,k8s:node-role.kubernetes.io/control-plane,k8s:node.kubernetes.io/exclude-from-external-load-balancers,k8s:openstack-compute-node=enabled,k8s:openstack-control-plane=enabled,k8s:openvswitch=enabled,reserved:host" ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="Creating or updating CiliumNode resource" node=instance subsys=nodediscovery level=info msg="Re-pinning map with ':pending' suffix" bpfMapName=cilium_calls_hostns_04078 bpfMapPath=/sys/fs/bpf/tc/globals/cilium_calls_hostns_04078 subsys=bpf level=info msg="Unpinning map after successful recreation" bpfMapName=cilium_calls_hostns_04078 bpfMapPath="/sys/fs/bpf/tc/globals/cilium_calls_hostns_04078:pending" subsys=bpf level=info msg="Re-pinning map with ':pending' suffix" bpfMapName=cilium_calls_netdev_00003 bpfMapPath=/sys/fs/bpf/tc/globals/cilium_calls_netdev_00003 subsys=bpf level=info msg="Unpinning map after successful recreation" bpfMapName=cilium_calls_netdev_00003 bpfMapPath="/sys/fs/bpf/tc/globals/cilium_calls_netdev_00003:pending" subsys=bpf level=info msg="Rewrote endpoint BPF program" containerID= datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=4078 identity=1 ipv4= ipv6= k8sPodName=/ subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.209 83529f07-0c5b-4c23-b061-62e132c59f67 default }" containerID=2df4b762dd3225a27996a2fea41aeaf45454a160017a3aa3bbe8582cfd4e791b datapathConfiguration="&{false false false false false }" interface=lxc1efdaac069e9 k8sPodName=kube-system/coredns-67659f764b-hf5hg labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=2df4b762dd datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=596 ipv4=10.0.0.209 ipv6= k8sPodName=kube-system/coredns-67659f764b-hf5hg subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=2df4b762dd datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=596 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.209 ipv6= k8sPodName=kube-system/coredns-67659f764b-hf5hg subsys=endpoint level=info msg="Identity of endpoint changed" containerID=2df4b762dd datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=596 identity=32198 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.209 ipv6= k8sPodName=kube-system/coredns-67659f764b-hf5hg oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=2df4b762dd datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=596 identity=32198 ipv4=10.0.0.209 ipv6= k8sPodName=kube-system/coredns-67659f764b-hf5hg subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.96 d33eaa54-ba93-4249-80cc-27f1798e381e default }" containerID=5a0455402c24c9e8f2b7f1c782e7ef8f576d70af4065d6f6efe7a1de7e18997f datapathConfiguration="&{false false false false false }" interface=lxca117360d6717 k8sPodName=kube-system/coredns-67659f764b-sh5wr labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=5a0455402c datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=244 ipv4=10.0.0.96 ipv6= k8sPodName=kube-system/coredns-67659f764b-sh5wr subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=5a0455402c datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=244 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.96 ipv6= k8sPodName=kube-system/coredns-67659f764b-sh5wr subsys=endpoint level=info msg="Identity of endpoint changed" containerID=5a0455402c datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=244 identity=32198 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=coredns,k8s:io.kubernetes.pod.namespace=kube-system,k8s:k8s-app=kube-dns" ipv4=10.0.0.96 ipv6= k8sPodName=kube-system/coredns-67659f764b-sh5wr oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=5a0455402c datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=244 identity=32198 ipv4=10.0.0.96 ipv6= k8sPodName=kube-system/coredns-67659f764b-sh5wr subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=5a0455402c datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=244 identity=32198 ipv4=10.0.0.96 ipv6= k8sPodName=kube-system/coredns-67659f764b-sh5wr subsys=endpoint level=info msg="Successful endpoint creation" containerID=5a0455402c datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=244 identity=32198 ipv4=10.0.0.96 ipv6= k8sPodName=kube-system/coredns-67659f764b-sh5wr subsys=daemon level=info msg="Rewrote endpoint BPF program" containerID=2df4b762dd datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=596 identity=32198 ipv4=10.0.0.209 ipv6= k8sPodName=kube-system/coredns-67659f764b-hf5hg subsys=endpoint level=info msg="Successful endpoint creation" containerID=2df4b762dd datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=596 identity=32198 ipv4=10.0.0.209 ipv6= k8sPodName=kube-system/coredns-67659f764b-hf5hg subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.167 bb95edff-4172-46f3-9a15-a8cc1d73e28a default }" containerID=442168051f1d6c6168f8c9bcca2a06a3b8f0a454649c7846fbba387e7647d897 datapathConfiguration="&{false false false false false }" interface=lxcb1e7a55abfcf k8sPodName=local-path-storage/local-path-provisioner-679c578f5-94k8m labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=442168051f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=995 ipv4=10.0.0.167 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-94k8m subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=442168051f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=995 identityLabels="k8s:app.kubernetes.io/instance=local-path-provisioner,k8s:app.kubernetes.io/name=local-path-provisioner,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage,k8s:io.cilium.k8s.namespace.labels.name=local-path-storage,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner,k8s:io.kubernetes.pod.namespace=local-path-storage" ipv4=10.0.0.167 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-94k8m subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:local-path-storage k8s:io.cilium.k8s.namespace.labels.name:local-path-storage]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/instance=local-path-provisioner;k8s:app.kubernetes.io/name=local-path-provisioner;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage;k8s:io.cilium.k8s.namespace.labels.name=local-path-storage;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner;k8s:io.kubernetes.pod.namespace=local-path-storage;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=442168051f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=995 identity=6239 identityLabels="k8s:app.kubernetes.io/instance=local-path-provisioner,k8s:app.kubernetes.io/name=local-path-provisioner,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage,k8s:io.cilium.k8s.namespace.labels.name=local-path-storage,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner,k8s:io.kubernetes.pod.namespace=local-path-storage" ipv4=10.0.0.167 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-94k8m oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=442168051f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=995 identity=6239 ipv4=10.0.0.167 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-94k8m subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=442168051f datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=995 identity=6239 ipv4=10.0.0.167 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-94k8m subsys=endpoint level=info msg="Successful endpoint creation" containerID=442168051f datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=995 identity=6239 ipv4=10.0.0.167 ipv6= k8sPodName=local-path-storage/local-path-provisioner-679c578f5-94k8m subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=b229f1739e endpointID=2919 k8sNamespace=kube-system k8sPodName=coredns-7c96b6546b-72qhp subsys=daemon level=info msg="Releasing key" key="[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=kube-system k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=coredns k8s:io.kubernetes.pod.namespace=kube-system k8s:k8s-app=kube-dns]" subsys=allocator level=info msg="Removed endpoint" containerID=b229f1739e datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=2919 identity=32198 ipv4=10.0.0.187 ipv6= k8sPodName=kube-system/coredns-7c96b6546b-72qhp subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.26 ce7ef986-780c-468a-a8f8-33c193194f5e default }" containerID=2f172829868960d50fe8ae9ffe495ed8c54527f4ae70dd5e03fbc4016ec64901 datapathConfiguration="&{false false false false false }" interface=lxcee803f7cdd74 k8sPodName=cert-manager/cert-manager-75c4c745bc-jlz5t labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=2f17282986 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=492 ipv4=10.0.0.26 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-jlz5t subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=2f17282986 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=492 identityLabels="k8s:app.kubernetes.io/component=controller,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=cert-manager,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=cert-manager,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.26 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-jlz5t subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:cert-manager k8s:io.cilium.k8s.namespace.labels.name:cert-manager]" subsys=crd-allocator level=info msg="Create endpoint request" addressing="&{10.0.0.199 e4415693-6a33-4fba-9d88-908c3f6fd88c default }" containerID=ed2e7d2e142c6f665303127b4cd677325475a5109bd3ab35538c337b1924ae0c datapathConfiguration="&{false false false false false }" interface=lxca224f014ab33 k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jbqrx labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=ed2e7d2e14 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=234 ipv4=10.0.0.199 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jbqrx subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=ed2e7d2e14 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=234 identityLabels="k8s:app.kubernetes.io/component=cainjector,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=cainjector,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=cainjector,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-cainjector,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.199 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jbqrx subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Allocated new global key" key="k8s:app=cert-manager;k8s:app.kubernetes.io/component=controller;k8s:app.kubernetes.io/instance=cert-manager;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=cert-manager;k8s:app.kubernetes.io/version=v1.11.5;k8s:helm.sh/chart=cert-manager-v1.11.5;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager;k8s:io.cilium.k8s.namespace.labels.name=cert-manager;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=cert-manager;k8s:io.kubernetes.pod.namespace=cert-manager;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=2f17282986 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=492 identity=51408 identityLabels="k8s:app.kubernetes.io/component=controller,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=cert-manager,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=cert-manager,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.26 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-jlz5t oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=2f17282986 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=492 identity=51408 ipv4=10.0.0.26 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-jlz5t subsys=endpoint level=info msg="Invalid state transition skipped" containerID=ed2e7d2e14 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=234 endpointState.from=waiting-for-identity endpointState.to=waiting-to-regenerate file=/go/src/github.com/cilium/cilium/pkg/endpoint/policy.go ipv4=10.0.0.199 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jbqrx line=611 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:cert-manager k8s:io.cilium.k8s.namespace.labels.name:cert-manager]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app=cainjector;k8s:app.kubernetes.io/component=cainjector;k8s:app.kubernetes.io/instance=cert-manager;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=cainjector;k8s:app.kubernetes.io/version=v1.11.5;k8s:helm.sh/chart=cert-manager-v1.11.5;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager;k8s:io.cilium.k8s.namespace.labels.name=cert-manager;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-cainjector;k8s:io.kubernetes.pod.namespace=cert-manager;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=ed2e7d2e14 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=234 identity=48933 identityLabels="k8s:app.kubernetes.io/component=cainjector,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=cainjector,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=cainjector,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-cainjector,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.199 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jbqrx oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=ed2e7d2e14 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=234 identity=48933 ipv4=10.0.0.199 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jbqrx subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.93 83925883-1913-4762-9f02-5d49ec6ea63a default }" containerID=532d2ea2d35d7291f0574a2193e1dde700b177efbc8120045c4f61aed90257c5 datapathConfiguration="&{false false false false false }" interface=lxcd64c482cc74b k8sPodName=cert-manager/cert-manager-webhook-548949fc64-j66d8 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=532d2ea2d3 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3796 ipv4=10.0.0.93 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-j66d8 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=532d2ea2d3 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3796 identityLabels="k8s:app.kubernetes.io/component=webhook,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=webhook,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=webhook,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-webhook,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.93 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-j66d8 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:cert-manager k8s:io.cilium.k8s.namespace.labels.name:cert-manager]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app=webhook;k8s:app.kubernetes.io/component=webhook;k8s:app.kubernetes.io/instance=cert-manager;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=webhook;k8s:app.kubernetes.io/version=v1.11.5;k8s:helm.sh/chart=cert-manager-v1.11.5;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager;k8s:io.cilium.k8s.namespace.labels.name=cert-manager;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-webhook;k8s:io.kubernetes.pod.namespace=cert-manager;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=532d2ea2d3 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3796 identity=47222 identityLabels="k8s:app.kubernetes.io/component=webhook,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=webhook,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=webhook,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-webhook,k8s:io.kubernetes.pod.namespace=cert-manager" ipv4=10.0.0.93 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-j66d8 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=532d2ea2d3 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3796 identity=47222 ipv4=10.0.0.93 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-j66d8 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=ed2e7d2e14 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=234 identity=48933 ipv4=10.0.0.199 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jbqrx subsys=endpoint level=info msg="Successful endpoint creation" containerID=ed2e7d2e14 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=234 identity=48933 ipv4=10.0.0.199 ipv6= k8sPodName=cert-manager/cert-manager-cainjector-64b59ddb75-jbqrx subsys=daemon level=info msg="Rewrote endpoint BPF program" containerID=2f17282986 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=492 identity=51408 ipv4=10.0.0.26 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-jlz5t subsys=endpoint level=info msg="Successful endpoint creation" containerID=2f17282986 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=492 identity=51408 ipv4=10.0.0.26 ipv6= k8sPodName=cert-manager/cert-manager-75c4c745bc-jlz5t subsys=daemon level=info msg="Rewrote endpoint BPF program" containerID=532d2ea2d3 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=3796 identity=47222 ipv4=10.0.0.93 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-j66d8 subsys=endpoint level=info msg="Successful endpoint creation" containerID=532d2ea2d3 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=3796 identity=47222 ipv4=10.0.0.93 ipv6= k8sPodName=cert-manager/cert-manager-webhook-548949fc64-j66d8 subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.92 8dd227d7-dc48-4513-834c-c8cf57e3c9c7 default }" containerID=8cf3b3edc949bb6a613e0f65c3c6a37adf96b08b58c6e9aa586fbf8378856813 datapathConfiguration="&{false false false false false }" interface=lxca23adfe89e35 k8sPodName=cert-manager/cert-manager-startupapicheck-v6kx9 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=8cf3b3edc9 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=820 ipv4=10.0.0.92 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-v6kx9 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=8cf3b3edc9 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=820 identityLabels="k8s:app.kubernetes.io/component=startupapicheck,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=startupapicheck,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=startupapicheck,k8s:batch.kubernetes.io/controller-uid=4704d9f9-0bb7-49f6-87ff-2550c2d53063,k8s:batch.kubernetes.io/job-name=cert-manager-startupapicheck,k8s:controller-uid=4704d9f9-0bb7-49f6-87ff-2550c2d53063,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-startupapicheck,k8s:io.kubernetes.pod.namespace=cert-manager,k8s:job-name=cert-manager-startupapicheck" ipv4=10.0.0.92 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-v6kx9 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:cert-manager k8s:io.cilium.k8s.namespace.labels.name:cert-manager]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app=startupapicheck;k8s:app.kubernetes.io/component=startupapicheck;k8s:app.kubernetes.io/instance=cert-manager;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=startupapicheck;k8s:app.kubernetes.io/version=v1.11.5;k8s:batch.kubernetes.io/controller-uid=4704d9f9-0bb7-49f6-87ff-2550c2d53063;k8s:batch.kubernetes.io/job-name=cert-manager-startupapicheck;k8s:controller-uid=4704d9f9-0bb7-49f6-87ff-2550c2d53063;k8s:helm.sh/chart=cert-manager-v1.11.5;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager;k8s:io.cilium.k8s.namespace.labels.name=cert-manager;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-startupapicheck;k8s:io.kubernetes.pod.namespace=cert-manager;k8s:job-name=cert-manager-startupapicheck;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=8cf3b3edc9 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=820 identity=34910 identityLabels="k8s:app.kubernetes.io/component=startupapicheck,k8s:app.kubernetes.io/instance=cert-manager,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=startupapicheck,k8s:app.kubernetes.io/version=v1.11.5,k8s:app=startupapicheck,k8s:batch.kubernetes.io/controller-uid=4704d9f9-0bb7-49f6-87ff-2550c2d53063,k8s:batch.kubernetes.io/job-name=cert-manager-startupapicheck,k8s:controller-uid=4704d9f9-0bb7-49f6-87ff-2550c2d53063,k8s:helm.sh/chart=cert-manager-v1.11.5,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager,k8s:io.cilium.k8s.namespace.labels.name=cert-manager,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-startupapicheck,k8s:io.kubernetes.pod.namespace=cert-manager,k8s:job-name=cert-manager-startupapicheck" ipv4=10.0.0.92 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-v6kx9 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=8cf3b3edc9 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=820 identity=34910 ipv4=10.0.0.92 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-v6kx9 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=8cf3b3edc9 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=820 identity=34910 ipv4=10.0.0.92 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-v6kx9 subsys=endpoint level=info msg="Successful endpoint creation" containerID=8cf3b3edc9 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=820 identity=34910 ipv4=10.0.0.92 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-v6kx9 subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=8cf3b3edc9 endpointID=820 k8sNamespace=cert-manager k8sPodName=cert-manager-startupapicheck-v6kx9 subsys=daemon level=info msg="Releasing key" key="[k8s:app=startupapicheck k8s:app.kubernetes.io/component=startupapicheck k8s:app.kubernetes.io/instance=cert-manager k8s:app.kubernetes.io/managed-by=Helm k8s:app.kubernetes.io/name=startupapicheck k8s:app.kubernetes.io/version=v1.11.5 k8s:batch.kubernetes.io/controller-uid=4704d9f9-0bb7-49f6-87ff-2550c2d53063 k8s:batch.kubernetes.io/job-name=cert-manager-startupapicheck k8s:controller-uid=4704d9f9-0bb7-49f6-87ff-2550c2d53063 k8s:helm.sh/chart=cert-manager-v1.11.5 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=cert-manager k8s:io.cilium.k8s.namespace.labels.name=cert-manager k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=cert-manager-startupapicheck k8s:io.kubernetes.pod.namespace=cert-manager k8s:job-name=cert-manager-startupapicheck]" subsys=allocator level=info msg="Removed endpoint" containerID=8cf3b3edc9 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=820 identity=34910 ipv4=10.0.0.92 ipv6= k8sPodName=cert-manager/cert-manager-startupapicheck-v6kx9 subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.80 9759efb4-d3e5-4156-bfff-12048b378c3a default }" containerID=a1b59095f65a2b1bcd61cb7c86f880c852e6f0b9b2116794800ae5d541133ec9 datapathConfiguration="&{false false false false false }" interface=lxcd1d8cca3974a k8sPodName=ingress-nginx/ingress-nginx-admission-create-zfl9c labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=a1b59095f6 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=942 ipv4=10.0.0.80 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-zfl9c subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=a1b59095f6 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=942 identityLabels="k8s:app.kubernetes.io/component=admission-webhook,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:batch.kubernetes.io/controller-uid=ed9dc6a0-9ab4-4410-854d-f4b483808893,k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-create,k8s:controller-uid=ed9dc6a0-9ab4-4410-854d-f4b483808893,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission,k8s:io.kubernetes.pod.namespace=ingress-nginx,k8s:job-name=ingress-nginx-admission-create" ipv4=10.0.0.80 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-zfl9c subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:ingress-nginx k8s:io.cilium.k8s.namespace.labels.name:ingress-nginx]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=admission-webhook;k8s:app.kubernetes.io/instance=ingress-nginx;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=ingress-nginx;k8s:app.kubernetes.io/part-of=ingress-nginx;k8s:app.kubernetes.io/version=1.12.1;k8s:batch.kubernetes.io/controller-uid=ed9dc6a0-9ab4-4410-854d-f4b483808893;k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-create;k8s:controller-uid=ed9dc6a0-9ab4-4410-854d-f4b483808893;k8s:helm.sh/chart=ingress-nginx-4.12.1;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx;k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission;k8s:io.kubernetes.pod.namespace=ingress-nginx;k8s:job-name=ingress-nginx-admission-create;" subsys=allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Identity of endpoint changed" containerID=a1b59095f6 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=942 identity=3830 identityLabels="k8s:app.kubernetes.io/component=admission-webhook,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:batch.kubernetes.io/controller-uid=ed9dc6a0-9ab4-4410-854d-f4b483808893,k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-create,k8s:controller-uid=ed9dc6a0-9ab4-4410-854d-f4b483808893,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission,k8s:io.kubernetes.pod.namespace=ingress-nginx,k8s:job-name=ingress-nginx-admission-create" ipv4=10.0.0.80 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-zfl9c oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=a1b59095f6 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=942 identity=3830 ipv4=10.0.0.80 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-zfl9c subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=a1b59095f6 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=942 identity=3830 ipv4=10.0.0.80 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-zfl9c subsys=endpoint level=info msg="Successful endpoint creation" containerID=a1b59095f6 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=942 identity=3830 ipv4=10.0.0.80 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-zfl9c subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=a1b59095f6 endpointID=942 k8sNamespace=ingress-nginx k8sPodName=ingress-nginx-admission-create-zfl9c subsys=daemon level=info msg="Releasing key" key="[k8s:app.kubernetes.io/component=admission-webhook k8s:app.kubernetes.io/instance=ingress-nginx k8s:app.kubernetes.io/managed-by=Helm k8s:app.kubernetes.io/name=ingress-nginx k8s:app.kubernetes.io/part-of=ingress-nginx k8s:app.kubernetes.io/version=1.12.1 k8s:batch.kubernetes.io/controller-uid=ed9dc6a0-9ab4-4410-854d-f4b483808893 k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-create k8s:controller-uid=ed9dc6a0-9ab4-4410-854d-f4b483808893 k8s:helm.sh/chart=ingress-nginx-4.12.1 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission k8s:io.kubernetes.pod.namespace=ingress-nginx k8s:job-name=ingress-nginx-admission-create]" subsys=allocator level=info msg="Removed endpoint" containerID=a1b59095f6 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=942 identity=3830 ipv4=10.0.0.80 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-create-zfl9c subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.152 2903a78f-f52e-4df1-95d5-39b151015c6d default }" containerID=013fc6bc38663c3f600d87570e4cfc9a22cd974a8a8afba138008f252c5ead37 datapathConfiguration="&{false false false false false }" interface=lxc6dd98d7b4351 k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-zk52z labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=013fc6bc38 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=684 ipv4=10.0.0.152 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-zk52z subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=013fc6bc38 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=684 identityLabels="k8s:app.kubernetes.io/component=default-backend,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-backend,k8s:io.kubernetes.pod.namespace=ingress-nginx" ipv4=10.0.0.152 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-zk52z subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:ingress-nginx k8s:io.cilium.k8s.namespace.labels.name:ingress-nginx]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=default-backend;k8s:app.kubernetes.io/instance=ingress-nginx;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=ingress-nginx;k8s:app.kubernetes.io/part-of=ingress-nginx;k8s:app.kubernetes.io/version=1.12.1;k8s:helm.sh/chart=ingress-nginx-4.12.1;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx;k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-backend;k8s:io.kubernetes.pod.namespace=ingress-nginx;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=013fc6bc38 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=684 identity=37510 identityLabels="k8s:app.kubernetes.io/component=default-backend,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-backend,k8s:io.kubernetes.pod.namespace=ingress-nginx" ipv4=10.0.0.152 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-zk52z oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=013fc6bc38 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=684 identity=37510 ipv4=10.0.0.152 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-zk52z subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=013fc6bc38 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=684 identity=37510 ipv4=10.0.0.152 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-zk52z subsys=endpoint level=info msg="Successful endpoint creation" containerID=013fc6bc38 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=684 identity=37510 ipv4=10.0.0.152 ipv6= k8sPodName=ingress-nginx/ingress-nginx-defaultbackend-6987ff55cf-zk52z subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.127 79f95eba-566b-498d-86d4-420fc95c4ef8 default }" containerID=cc2b6dfd82f2897bc29c01e5cffa022b6ae8014fe553361e0f1ab9c5504c145e datapathConfiguration="&{false false false false false }" interface=lxcde1830d4767c k8sPodName=ingress-nginx/ingress-nginx-admission-patch-8mj6m labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=cc2b6dfd82 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1 ipv4=10.0.0.127 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-8mj6m subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=cc2b6dfd82 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1 identityLabels="k8s:app.kubernetes.io/component=admission-webhook,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:batch.kubernetes.io/controller-uid=9c4157f2-56a4-4b5a-b847-77c251f2d73b,k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-patch,k8s:controller-uid=9c4157f2-56a4-4b5a-b847-77c251f2d73b,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission,k8s:io.kubernetes.pod.namespace=ingress-nginx,k8s:job-name=ingress-nginx-admission-patch" ipv4=10.0.0.127 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-8mj6m subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:ingress-nginx k8s:io.cilium.k8s.namespace.labels.name:ingress-nginx]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=admission-webhook;k8s:app.kubernetes.io/instance=ingress-nginx;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=ingress-nginx;k8s:app.kubernetes.io/part-of=ingress-nginx;k8s:app.kubernetes.io/version=1.12.1;k8s:batch.kubernetes.io/controller-uid=9c4157f2-56a4-4b5a-b847-77c251f2d73b;k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-patch;k8s:controller-uid=9c4157f2-56a4-4b5a-b847-77c251f2d73b;k8s:helm.sh/chart=ingress-nginx-4.12.1;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx;k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission;k8s:io.kubernetes.pod.namespace=ingress-nginx;k8s:job-name=ingress-nginx-admission-patch;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=cc2b6dfd82 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1 identity=12996 identityLabels="k8s:app.kubernetes.io/component=admission-webhook,k8s:app.kubernetes.io/instance=ingress-nginx,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=ingress-nginx,k8s:app.kubernetes.io/part-of=ingress-nginx,k8s:app.kubernetes.io/version=1.12.1,k8s:batch.kubernetes.io/controller-uid=9c4157f2-56a4-4b5a-b847-77c251f2d73b,k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-patch,k8s:controller-uid=9c4157f2-56a4-4b5a-b847-77c251f2d73b,k8s:helm.sh/chart=ingress-nginx-4.12.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx,k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission,k8s:io.kubernetes.pod.namespace=ingress-nginx,k8s:job-name=ingress-nginx-admission-patch" ipv4=10.0.0.127 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-8mj6m oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=cc2b6dfd82 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1 identity=12996 ipv4=10.0.0.127 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-8mj6m subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=cc2b6dfd82 datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=1 identity=12996 ipv4=10.0.0.127 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-8mj6m subsys=endpoint level=info msg="Successful endpoint creation" containerID=cc2b6dfd82 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=1 identity=12996 ipv4=10.0.0.127 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-8mj6m subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=cc2b6dfd82 endpointID=1 k8sNamespace=ingress-nginx k8sPodName=ingress-nginx-admission-patch-8mj6m subsys=daemon level=info msg="Releasing key" key="[k8s:app.kubernetes.io/component=admission-webhook k8s:app.kubernetes.io/instance=ingress-nginx k8s:app.kubernetes.io/managed-by=Helm k8s:app.kubernetes.io/name=ingress-nginx k8s:app.kubernetes.io/part-of=ingress-nginx k8s:app.kubernetes.io/version=1.12.1 k8s:batch.kubernetes.io/controller-uid=9c4157f2-56a4-4b5a-b847-77c251f2d73b k8s:batch.kubernetes.io/job-name=ingress-nginx-admission-patch k8s:controller-uid=9c4157f2-56a4-4b5a-b847-77c251f2d73b k8s:helm.sh/chart=ingress-nginx-4.12.1 k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=ingress-nginx k8s:io.cilium.k8s.namespace.labels.name=ingress-nginx k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=ingress-nginx-admission k8s:io.kubernetes.pod.namespace=ingress-nginx k8s:job-name=ingress-nginx-admission-patch]" subsys=allocator level=info msg="Removed endpoint" containerID=cc2b6dfd82 datapathPolicyRevision=1 desiredPolicyRevision=1 endpointID=1 identity=12996 ipv4=10.0.0.127 ipv6= k8sPodName=ingress-nginx/ingress-nginx-admission-patch-8mj6m subsys=endpoint level=info msg="Policy Add Request" ciliumNetworkPolicy="[&{EndpointSelector:{\"matchLabels\":{\"k8s:app.kubernetes.io/component\":\"messaging-topology-operator\",\"k8s:app.kubernetes.io/instance\":\"rabbitmq-cluster-operator\",\"k8s:app.kubernetes.io/name\":\"rabbitmq-cluster-operator\",\"k8s:app.kubernetes.io/part-of\":\"rabbitmq\",\"k8s:io.kubernetes.pod.namespace\":\"openstack\"}} NodeSelector:{} Ingress:[{IngressCommonRule:{FromEndpoints:[{}] FromRequires:[] FromCIDR: FromCIDRSet:[] FromEntities:[] aggregatedSelectors:[]} ToPorts:[{Ports:[{Port:9443 Protocol:TCP}] TerminatingTLS: OriginatingTLS: ServerNames:[] Listener: Rules:}] ICMPs:[] Authentication:}] IngressDeny:[] Egress:[{EgressCommonRule:{ToEndpoints:[{}] ToRequires:[] ToCIDR: ToCIDRSet:[] ToEntities:[] ToServices:[] ToGroups:[] aggregatedSelectors:[]} ToPorts:[] ToFQDNs:[] ICMPs:[] Authentication:}] EgressDeny:[] Labels:[k8s:io.cilium.k8s.policy.derived-from=NetworkPolicy k8s:io.cilium.k8s.policy.name=rabbitmq-messaging-topology-operator k8s:io.cilium.k8s.policy.namespace=openstack k8s:io.cilium.k8s.policy.uid=dfd03cbc-0352-4455-8605-e278b5f7b3fa] Description:}]" policyAddRequest=0ad83519-34df-4778-b367-42db2f719f30 subsys=daemon level=info msg="Policy imported via API, recalculating..." policyAddRequest=0ad83519-34df-4778-b367-42db2f719f30 policyRevision=2 subsys=daemon level=info msg="NetworkPolicy successfully added" k8sApiVersion= k8sNetworkPolicyName=rabbitmq-messaging-topology-operator subsys=k8s-watcher level=info msg="Policy Add Request" ciliumNetworkPolicy="[&{EndpointSelector:{\"matchLabels\":{\"k8s:app.kubernetes.io/component\":\"rabbitmq-operator\",\"k8s:app.kubernetes.io/instance\":\"rabbitmq-cluster-operator\",\"k8s:app.kubernetes.io/name\":\"rabbitmq-cluster-operator\",\"k8s:app.kubernetes.io/part-of\":\"rabbitmq\",\"k8s:io.kubernetes.pod.namespace\":\"openstack\"}} NodeSelector:{} Ingress:[{IngressCommonRule:{FromEndpoints:[] FromRequires:[] FromCIDR: FromCIDRSet:[] FromEntities:[] aggregatedSelectors:[]} ToPorts:[] ICMPs:[] Authentication:}] IngressDeny:[] Egress:[{EgressCommonRule:{ToEndpoints:[{}] ToRequires:[] ToCIDR: ToCIDRSet:[] ToEntities:[] ToServices:[] ToGroups:[] aggregatedSelectors:[]} ToPorts:[] ToFQDNs:[] ICMPs:[] Authentication:}] EgressDeny:[] Labels:[k8s:io.cilium.k8s.policy.derived-from=NetworkPolicy k8s:io.cilium.k8s.policy.name=rabbitmq-cluster-operator k8s:io.cilium.k8s.policy.namespace=openstack k8s:io.cilium.k8s.policy.uid=9b782788-208d-4a48-8ebd-c159b434862a] Description:}]" policyAddRequest=e03dc76b-f385-4e01-920a-01c2727fefd8 subsys=daemon level=info msg="NetworkPolicy successfully added" k8sApiVersion= k8sNetworkPolicyName=rabbitmq-cluster-operator subsys=k8s-watcher level=info msg="Policy imported via API, recalculating..." policyAddRequest=e03dc76b-f385-4e01-920a-01c2727fefd8 policyRevision=3 subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.129 b2dac17e-6cdf-4d9e-a754-e0ae8f4b7690 default }" containerID=317f658536105e02c1118110353dfe1734347d6712bf6e78cbbf5e1f403b58da datapathConfiguration="&{false false false false false }" interface=lxcbfd6cab0501a k8sPodName=openstack/rabbitmq-cluster-operator-54f767cff8-2xk9w labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=317f658536 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=956 ipv4=10.0.0.129 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-54f767cff8-2xk9w subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=317f658536 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=956 identityLabels="k8s:app.kubernetes.io/component=rabbitmq-operator,k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=rabbitmq-cluster-operator,k8s:app.kubernetes.io/part-of=rabbitmq,k8s:app.kubernetes.io/version=2.16.1,k8s:helm.sh/chart=rabbitmq-cluster-operator-4.4.34,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-cluster-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.129 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-54f767cff8-2xk9w subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=rabbitmq-operator;k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=rabbitmq-cluster-operator;k8s:app.kubernetes.io/part-of=rabbitmq;k8s:app.kubernetes.io/version=2.16.1;k8s:helm.sh/chart=rabbitmq-cluster-operator-4.4.34;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-cluster-operator;k8s:io.kubernetes.pod.namespace=openstack;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=317f658536 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=956 identity=23714 identityLabels="k8s:app.kubernetes.io/component=rabbitmq-operator,k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=rabbitmq-cluster-operator,k8s:app.kubernetes.io/part-of=rabbitmq,k8s:app.kubernetes.io/version=2.16.1,k8s:helm.sh/chart=rabbitmq-cluster-operator-4.4.34,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-cluster-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.129 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-54f767cff8-2xk9w oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=317f658536 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=956 identity=23714 ipv4=10.0.0.129 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-54f767cff8-2xk9w subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=317f658536 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=956 identity=23714 ipv4=10.0.0.129 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-54f767cff8-2xk9w subsys=endpoint level=info msg="Successful endpoint creation" containerID=317f658536 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=956 identity=23714 ipv4=10.0.0.129 ipv6= k8sPodName=openstack/rabbitmq-cluster-operator-54f767cff8-2xk9w subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.206 535398b3-1051-4dca-8824-ed94d9b4b632 default }" containerID=03f123885f71431130194be72a824d47d5c766267b31a200e6e43cd96995bbc2 datapathConfiguration="&{false false false false false }" interface=lxc197d3db9c1c3 k8sPodName=openstack/rabbitmq-messaging-topology-operator-6f465c979f-xg7th labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=03f123885f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=614 ipv4=10.0.0.206 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-6f465c979f-xg7th subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=03f123885f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=614 identityLabels="k8s:app.kubernetes.io/component=messaging-topology-operator,k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=rabbitmq-cluster-operator,k8s:app.kubernetes.io/part-of=rabbitmq,k8s:app.kubernetes.io/version=1.17.4,k8s:helm.sh/chart=rabbitmq-cluster-operator-4.4.34,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-messaging-topology-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.206 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-6f465c979f-xg7th subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=messaging-topology-operator;k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=rabbitmq-cluster-operator;k8s:app.kubernetes.io/part-of=rabbitmq;k8s:app.kubernetes.io/version=1.17.4;k8s:helm.sh/chart=rabbitmq-cluster-operator-4.4.34;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-messaging-topology-operator;k8s:io.kubernetes.pod.namespace=openstack;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=03f123885f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=614 identity=32360 identityLabels="k8s:app.kubernetes.io/component=messaging-topology-operator,k8s:app.kubernetes.io/instance=rabbitmq-cluster-operator,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=rabbitmq-cluster-operator,k8s:app.kubernetes.io/part-of=rabbitmq,k8s:app.kubernetes.io/version=1.17.4,k8s:helm.sh/chart=rabbitmq-cluster-operator-4.4.34,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=rabbitmq-messaging-topology-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.206 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-6f465c979f-xg7th oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=03f123885f datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=614 identity=32360 ipv4=10.0.0.206 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-6f465c979f-xg7th subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=03f123885f datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=614 identity=32360 ipv4=10.0.0.206 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-6f465c979f-xg7th subsys=endpoint level=info msg="Successful endpoint creation" containerID=03f123885f datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=614 identity=32360 ipv4=10.0.0.206 ipv6= k8sPodName=openstack/rabbitmq-messaging-topology-operator-6f465c979f-xg7th subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Create endpoint request" addressing="&{10.0.0.175 3106b918-f501-4d0f-b8c1-7c27e6ea41ba default }" containerID=1b322cedc6d544a676b88cde0f4addcf39006a84b5fbbd3a91462b96bfb14533 datapathConfiguration="&{false false false false false }" interface=lxc798361f05c4b k8sPodName=openstack/pxc-operator-69cb5bbdb9-qhwg8 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=1b322cedc6 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=303 ipv4=10.0.0.175 ipv6= k8sPodName=openstack/pxc-operator-69cb5bbdb9-qhwg8 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=1b322cedc6 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=303 identityLabels="k8s:app.kubernetes.io/component=operator,k8s:app.kubernetes.io/instance=pxc-operator,k8s:app.kubernetes.io/name=pxc-operator,k8s:app.kubernetes.io/part-of=pxc-operator,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=pxc-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.175 ipv6= k8sPodName=openstack/pxc-operator-69cb5bbdb9-qhwg8 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=operator;k8s:app.kubernetes.io/instance=pxc-operator;k8s:app.kubernetes.io/name=pxc-operator;k8s:app.kubernetes.io/part-of=pxc-operator;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=pxc-operator;k8s:io.kubernetes.pod.namespace=openstack;" subsys=allocator level=info msg="Invalid state transition skipped" containerID=1b322cedc6 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=303 endpointState.from=waiting-for-identity endpointState.to=waiting-to-regenerate file=/go/src/github.com/cilium/cilium/pkg/endpoint/policy.go ipv4=10.0.0.175 ipv6= k8sPodName=openstack/pxc-operator-69cb5bbdb9-qhwg8 line=611 subsys=endpoint level=info msg="Identity of endpoint changed" containerID=1b322cedc6 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=303 identity=59479 identityLabels="k8s:app.kubernetes.io/component=operator,k8s:app.kubernetes.io/instance=pxc-operator,k8s:app.kubernetes.io/name=pxc-operator,k8s:app.kubernetes.io/part-of=pxc-operator,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=pxc-operator,k8s:io.kubernetes.pod.namespace=openstack" ipv4=10.0.0.175 ipv6= k8sPodName=openstack/pxc-operator-69cb5bbdb9-qhwg8 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=1b322cedc6 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=303 identity=59479 ipv4=10.0.0.175 ipv6= k8sPodName=openstack/pxc-operator-69cb5bbdb9-qhwg8 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=1b322cedc6 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=303 identity=59479 ipv4=10.0.0.175 ipv6= k8sPodName=openstack/pxc-operator-69cb5bbdb9-qhwg8 subsys=endpoint level=info msg="Successful endpoint creation" containerID=1b322cedc6 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=303 identity=59479 ipv4=10.0.0.175 ipv6= k8sPodName=openstack/pxc-operator-69cb5bbdb9-qhwg8 subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Create endpoint request" addressing="&{10.0.0.76 762b4613-a7da-4576-b0af-286a0d79af64 default }" containerID=6494149772ce70eebb7c5f16d31f4c511c7bf6442dc7d0a12f36678c82b94681 datapathConfiguration="&{false false false false false }" interface=lxc65c4159a87f3 k8sPodName=openstack/percona-xtradb-haproxy-0 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=6494149772 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1420 ipv4=10.0.0.76 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=6494149772 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1420 identityLabels="k8s:app.kubernetes.io/component=haproxy,k8s:app.kubernetes.io/instance=percona-xtradb,k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator,k8s:app.kubernetes.io/name=percona-xtradb-cluster,k8s:app.kubernetes.io/part-of=percona-xtradb-cluster,k8s:apps.kubernetes.io/pod-index=0,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=default,k8s:io.kubernetes.pod.namespace=openstack,k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-haproxy-0" ipv4=10.0.0.76 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=haproxy;k8s:app.kubernetes.io/instance=percona-xtradb;k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator;k8s:app.kubernetes.io/name=percona-xtradb-cluster;k8s:app.kubernetes.io/part-of=percona-xtradb-cluster;k8s:apps.kubernetes.io/pod-index=0;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=default;k8s:io.kubernetes.pod.namespace=openstack;k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-haproxy-0;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=6494149772 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1420 identity=17204 identityLabels="k8s:app.kubernetes.io/component=haproxy,k8s:app.kubernetes.io/instance=percona-xtradb,k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator,k8s:app.kubernetes.io/name=percona-xtradb-cluster,k8s:app.kubernetes.io/part-of=percona-xtradb-cluster,k8s:apps.kubernetes.io/pod-index=0,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=default,k8s:io.kubernetes.pod.namespace=openstack,k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-haproxy-0" ipv4=10.0.0.76 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=6494149772 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=1420 identity=17204 ipv4=10.0.0.76 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=6494149772 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=1420 identity=17204 ipv4=10.0.0.76 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=endpoint level=info msg="Successful endpoint creation" containerID=6494149772 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=1420 identity=17204 ipv4=10.0.0.76 ipv6= k8sPodName=openstack/percona-xtradb-haproxy-0 subsys=daemon level=info msg="Create endpoint request" addressing="&{10.0.0.176 c10ed496-c1cf-4196-a7f9-7092096693a3 default }" containerID=1cee32d90e80a0df17959a6bb624fc68511a2e5b0806ac7985abc60b0b5bfae9 datapathConfiguration="&{false false false false false }" interface=lxc181c6759d912 k8sPodName=local-path-storage/helper-pod-create-pvc-1ef77296-2f9c-4ca0-a0b3-4c79d73e49de labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=1cee32d90e datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2853 ipv4=10.0.0.176 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-1ef77296-2f9c-4ca0-a0b3-4c79d73e49de subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=1cee32d90e datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2853 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage,k8s:io.cilium.k8s.namespace.labels.name=local-path-storage,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner,k8s:io.kubernetes.pod.namespace=local-path-storage" ipv4=10.0.0.176 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-1ef77296-2f9c-4ca0-a0b3-4c79d73e49de subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:local-path-storage k8s:io.cilium.k8s.namespace.labels.name:local-path-storage]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage;k8s:io.cilium.k8s.namespace.labels.name=local-path-storage;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner;k8s:io.kubernetes.pod.namespace=local-path-storage;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=1cee32d90e datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2853 identity=14718 identityLabels="k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage,k8s:io.cilium.k8s.namespace.labels.name=local-path-storage,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner,k8s:io.kubernetes.pod.namespace=local-path-storage" ipv4=10.0.0.176 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-1ef77296-2f9c-4ca0-a0b3-4c79d73e49de oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=1cee32d90e datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2853 identity=14718 ipv4=10.0.0.176 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-1ef77296-2f9c-4ca0-a0b3-4c79d73e49de subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=1cee32d90e datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=2853 identity=14718 ipv4=10.0.0.176 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-1ef77296-2f9c-4ca0-a0b3-4c79d73e49de subsys=endpoint level=info msg="Successful endpoint creation" containerID=1cee32d90e datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=2853 identity=14718 ipv4=10.0.0.176 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-1ef77296-2f9c-4ca0-a0b3-4c79d73e49de subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager level=info msg="Delete endpoint request" containerID=1cee32d90e endpointID=2853 k8sNamespace=local-path-storage k8sPodName=helper-pod-create-pvc-1ef77296-2f9c-4ca0-a0b3-4c79d73e49de subsys=daemon level=info msg="Releasing key" key="[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=local-path-storage k8s:io.cilium.k8s.namespace.labels.name=local-path-storage k8s:io.cilium.k8s.policy.cluster=default k8s:io.cilium.k8s.policy.serviceaccount=local-path-provisioner k8s:io.kubernetes.pod.namespace=local-path-storage]" subsys=allocator level=info msg="Removed endpoint" containerID=1cee32d90e datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=2853 identity=14718 ipv4=10.0.0.176 ipv6= k8sPodName=local-path-storage/helper-pod-create-pvc-1ef77296-2f9c-4ca0-a0b3-4c79d73e49de subsys=endpoint level=info msg="Create endpoint request" addressing="&{10.0.0.102 3b75d998-ae07-4176-ae31-9714f8a8fcad default }" containerID=9682449028b62eeb0045ef2b4839fc99b205fd542386899df22057b37b20eefe datapathConfiguration="&{false false false false false }" interface=lxcc82c3c5608aa k8sPodName=openstack/percona-xtradb-pxc-0 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=9682449028 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=626 ipv4=10.0.0.102 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=9682449028 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=626 identityLabels="k8s:app.kubernetes.io/component=pxc,k8s:app.kubernetes.io/instance=percona-xtradb,k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator,k8s:app.kubernetes.io/name=percona-xtradb-cluster,k8s:app.kubernetes.io/part-of=percona-xtradb-cluster,k8s:apps.kubernetes.io/pod-index=0,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=default,k8s:io.kubernetes.pod.namespace=openstack,k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-pxc-0" ipv4=10.0.0.102 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Invalid state transition skipped" containerID=9682449028 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=626 endpointState.from=waiting-for-identity endpointState.to=waiting-to-regenerate file=/go/src/github.com/cilium/cilium/pkg/endpoint/policy.go ipv4=10.0.0.102 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 line=611 subsys=endpoint level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=pxc;k8s:app.kubernetes.io/instance=percona-xtradb;k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator;k8s:app.kubernetes.io/name=percona-xtradb-cluster;k8s:app.kubernetes.io/part-of=percona-xtradb-cluster;k8s:apps.kubernetes.io/pod-index=0;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=default;k8s:io.kubernetes.pod.namespace=openstack;k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-pxc-0;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=9682449028 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=626 identity=26197 identityLabels="k8s:app.kubernetes.io/component=pxc,k8s:app.kubernetes.io/instance=percona-xtradb,k8s:app.kubernetes.io/managed-by=percona-xtradb-cluster-operator,k8s:app.kubernetes.io/name=percona-xtradb-cluster,k8s:app.kubernetes.io/part-of=percona-xtradb-cluster,k8s:apps.kubernetes.io/pod-index=0,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=default,k8s:io.kubernetes.pod.namespace=openstack,k8s:statefulset.kubernetes.io/pod-name=percona-xtradb-pxc-0" ipv4=10.0.0.102 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=9682449028 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=626 identity=26197 ipv4=10.0.0.102 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=9682449028 datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=626 identity=26197 ipv4=10.0.0.102 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=endpoint level=info msg="Successful endpoint creation" containerID=9682449028 datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=626 identity=26197 ipv4=10.0.0.102 ipv6= k8sPodName=openstack/percona-xtradb-pxc-0 subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Create endpoint request" addressing="&{10.0.0.151 b90b3daf-ce66-4732-9cb4-c8d6b3f5cdea default }" containerID=0e5ca1b17dbdbc0a5ab2c71badc26b0bb969fe700cf22b5bfabef0312c693507 datapathConfiguration="&{false false false false false }" interface=lxcc5c68f802b65 k8sPodName=openstack/memcached-memcached-cf56b6468-v79vq labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=0e5ca1b17d datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2714 ipv4=10.0.0.151 ipv6= k8sPodName=openstack/memcached-memcached-cf56b6468-v79vq subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=0e5ca1b17d datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2714 identityLabels="k8s:application=memcached,k8s:component=server,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=memcached-memcached,k8s:io.kubernetes.pod.namespace=openstack,k8s:release_group=memcached" ipv4=10.0.0.151 ipv6= k8sPodName=openstack/memcached-memcached-cf56b6468-v79vq subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:openstack k8s:io.cilium.k8s.namespace.labels.name:openstack]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:application=memcached;k8s:component=server;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack;k8s:io.cilium.k8s.namespace.labels.name=openstack;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=memcached-memcached;k8s:io.kubernetes.pod.namespace=openstack;k8s:release_group=memcached;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=0e5ca1b17d datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2714 identity=57885 identityLabels="k8s:application=memcached,k8s:component=server,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=openstack,k8s:io.cilium.k8s.namespace.labels.name=openstack,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=memcached-memcached,k8s:io.kubernetes.pod.namespace=openstack,k8s:release_group=memcached" ipv4=10.0.0.151 ipv6= k8sPodName=openstack/memcached-memcached-cf56b6468-v79vq oldIdentity="no identity" subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Waiting for endpoint to be generated" containerID=0e5ca1b17d datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2714 identity=57885 ipv4=10.0.0.151 ipv6= k8sPodName=openstack/memcached-memcached-cf56b6468-v79vq subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=0e5ca1b17d datapathPolicyRevision=0 desiredPolicyRevision=3 endpointID=2714 identity=57885 ipv4=10.0.0.151 ipv6= k8sPodName=openstack/memcached-memcached-cf56b6468-v79vq subsys=endpoint level=info msg="Successful endpoint creation" containerID=0e5ca1b17d datapathPolicyRevision=3 desiredPolicyRevision=3 endpointID=2714 identity=57885 ipv4=10.0.0.151 ipv6= k8sPodName=openstack/memcached-memcached-cf56b6468-v79vq subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Policy Add Request" ciliumNetworkPolicy="[&{EndpointSelector:{\"matchLabels\":{\"k8s:app.kubernetes.io/component\":\"keycloak\",\"k8s:app.kubernetes.io/instance\":\"keycloak\",\"k8s:app.kubernetes.io/name\":\"keycloak\",\"k8s:io.kubernetes.pod.namespace\":\"auth-system\"}} NodeSelector:{} Ingress:[{IngressCommonRule:{FromEndpoints:[{}] FromRequires:[] FromCIDR: FromCIDRSet:[] FromEntities:[] aggregatedSelectors:[]} ToPorts:[{Ports:[{Port:7800 Protocol:TCP}] TerminatingTLS: OriginatingTLS: ServerNames:[] Listener: Rules:} {Ports:[{Port:8080 Protocol:TCP}] TerminatingTLS: OriginatingTLS: ServerNames:[] Listener: Rules:}] ICMPs:[] Authentication:}] IngressDeny:[] Egress:[{EgressCommonRule:{ToEndpoints:[{}] ToRequires:[] ToCIDR: ToCIDRSet:[] ToEntities:[] ToServices:[] ToGroups:[] aggregatedSelectors:[]} ToPorts:[] ToFQDNs:[] ICMPs:[] Authentication:}] EgressDeny:[] Labels:[k8s:io.cilium.k8s.policy.derived-from=NetworkPolicy k8s:io.cilium.k8s.policy.name=keycloak k8s:io.cilium.k8s.policy.namespace=auth-system k8s:io.cilium.k8s.policy.uid=d161dc8a-5d3e-4123-b9d0-8c571cccce45] Description:}]" policyAddRequest=7fc3d8e9-75d4-4bd3-a4e2-965973ae7391 subsys=daemon level=info msg="Policy imported via API, recalculating..." policyAddRequest=7fc3d8e9-75d4-4bd3-a4e2-965973ae7391 policyRevision=4 subsys=daemon level=info msg="NetworkPolicy successfully added" k8sApiVersion= k8sNetworkPolicyName=keycloak subsys=k8s-watcher level=info msg="Create endpoint request" addressing="&{10.0.0.79 e8c8d0b4-0b86-4169-b24e-2578a3cd8b12 default }" containerID=582700390c01494aeca0d99877dede391bcdcec729fae6e7b3123a9fbbbf63e2 datapathConfiguration="&{false false false false false }" interface=lxcf946569d2bcc k8sPodName=auth-system/keycloak-0 labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=582700390c datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2775 ipv4=10.0.0.79 ipv6= k8sPodName=auth-system/keycloak-0 subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=582700390c datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2775 identityLabels="k8s:app.kubernetes.io/component=keycloak,k8s:app.kubernetes.io/instance=keycloak,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=keycloak,k8s:app.kubernetes.io/version=24.0.5,k8s:apps.kubernetes.io/pod-index=0,k8s:helm.sh/chart=keycloak-21.4.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=auth-system,k8s:io.cilium.k8s.namespace.labels.name=auth-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=keycloak,k8s:io.kubernetes.pod.namespace=auth-system,k8s:statefulset.kubernetes.io/pod-name=keycloak-0" ipv4=10.0.0.79 ipv6= k8sPodName=auth-system/keycloak-0 subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:auth-system k8s:io.cilium.k8s.namespace.labels.name:auth-system]" subsys=crd-allocator level=info msg="Allocated new global key" key="k8s:app.kubernetes.io/component=keycloak;k8s:app.kubernetes.io/instance=keycloak;k8s:app.kubernetes.io/managed-by=Helm;k8s:app.kubernetes.io/name=keycloak;k8s:app.kubernetes.io/version=24.0.5;k8s:apps.kubernetes.io/pod-index=0;k8s:helm.sh/chart=keycloak-21.4.1;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=auth-system;k8s:io.cilium.k8s.namespace.labels.name=auth-system;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=keycloak;k8s:io.kubernetes.pod.namespace=auth-system;k8s:statefulset.kubernetes.io/pod-name=keycloak-0;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=582700390c datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2775 identity=48376 identityLabels="k8s:app.kubernetes.io/component=keycloak,k8s:app.kubernetes.io/instance=keycloak,k8s:app.kubernetes.io/managed-by=Helm,k8s:app.kubernetes.io/name=keycloak,k8s:app.kubernetes.io/version=24.0.5,k8s:apps.kubernetes.io/pod-index=0,k8s:helm.sh/chart=keycloak-21.4.1,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=auth-system,k8s:io.cilium.k8s.namespace.labels.name=auth-system,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=keycloak,k8s:io.kubernetes.pod.namespace=auth-system,k8s:statefulset.kubernetes.io/pod-name=keycloak-0" ipv4=10.0.0.79 ipv6= k8sPodName=auth-system/keycloak-0 oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=582700390c datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2775 identity=48376 ipv4=10.0.0.79 ipv6= k8sPodName=auth-system/keycloak-0 subsys=endpoint level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Rewrote endpoint BPF program" containerID=582700390c datapathPolicyRevision=0 desiredPolicyRevision=4 endpointID=2775 identity=48376 ipv4=10.0.0.79 ipv6= k8sPodName=auth-system/keycloak-0 subsys=endpoint level=info msg="Successful endpoint creation" containerID=582700390c datapathPolicyRevision=4 desiredPolicyRevision=4 endpointID=2775 identity=48376 ipv4=10.0.0.79 ipv6= k8sPodName=auth-system/keycloak-0 subsys=daemon level=info msg="Conntrack garbage collector interval recalculated" deleteRatio=0.03704610363117095 newInterval=7m30s subsys=map-ct level=info msg="Create endpoint request" addressing="&{10.0.0.70 5d237084-cc12-4c19-a024-e4f331d40b96 default }" containerID=d6cd8f1607fd9a97bd9226fc2df3a28edfc103a820b5faab492146d4ee7f0260 datapathConfiguration="&{false false false false false }" interface=lxc26ca85745523 k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-mdxgz labels="[]" subsys=daemon sync-build=true level=info msg="New endpoint" containerID=d6cd8f1607 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3389 ipv4=10.0.0.70 ipv6= k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-mdxgz subsys=endpoint level=info msg="Resolving identity labels (blocking)" containerID=d6cd8f1607 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3389 identityLabels="k8s:app=secretgen-controller,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=secretgen-controller,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=secretgen-controller-sa,k8s:io.kubernetes.pod.namespace=secretgen-controller" ipv4=10.0.0.70 ipv6= k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-mdxgz subsys=endpoint level=info msg="Skipped non-kubernetes labels when labelling ciliumidentity. All labels will still be used in identity determination" labels="map[k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name:secretgen-controller]" subsys=crd-allocator level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager level=info msg="Allocated new global key" key="k8s:app=secretgen-controller;k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=secretgen-controller;k8s:io.cilium.k8s.policy.cluster=default;k8s:io.cilium.k8s.policy.serviceaccount=secretgen-controller-sa;k8s:io.kubernetes.pod.namespace=secretgen-controller;" subsys=allocator level=info msg="Identity of endpoint changed" containerID=d6cd8f1607 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3389 identity=43103 identityLabels="k8s:app=secretgen-controller,k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name=secretgen-controller,k8s:io.cilium.k8s.policy.cluster=default,k8s:io.cilium.k8s.policy.serviceaccount=secretgen-controller-sa,k8s:io.kubernetes.pod.namespace=secretgen-controller" ipv4=10.0.0.70 ipv6= k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-mdxgz oldIdentity="no identity" subsys=endpoint level=info msg="Waiting for endpoint to be generated" containerID=d6cd8f1607 datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=3389 identity=43103 ipv4=10.0.0.70 ipv6= k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-mdxgz subsys=endpoint level=info msg="Rewrote endpoint BPF program" containerID=d6cd8f1607 datapathPolicyRevision=0 desiredPolicyRevision=4 endpointID=3389 identity=43103 ipv4=10.0.0.70 ipv6= k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-mdxgz subsys=endpoint level=info msg="Successful endpoint creation" containerID=d6cd8f1607 datapathPolicyRevision=4 desiredPolicyRevision=4 endpointID=3389 identity=43103 ipv4=10.0.0.70 ipv6= k8sPodName=secretgen-controller/secretgen-controller-5cf976ccc7-mdxgz subsys=daemon level=info msg="regenerating all endpoints" reason="one or more identities created or deleted" subsys=endpoint-manager