Apparently, applying this, on a K3s v1.28.1 cluster .. all nodes - ALSO the control-plane node >> the communication to the API is down.
What am I doing wrong?
late-needle-80860
09/29/2023, 12:24 PM
I can’t log in to the nodes over ssh. So blocking that works but apparently has some very bad side effect. API communication down.
late-needle-80860
09/29/2023, 12:25 PM
Someone in the know whether k3s uses ssh for internal communication? As far as I know it doesn’t … so I’m very surprised by this behavior.
late-needle-80860
09/29/2023, 12:25 PM
Thank you very much.
late-needle-80860
09/29/2023, 1:16 PM
Okay! I recovered “myself”. By going into recovery mode on the OS >> new user >> delete the policy with a good ol’ kubectl delete command … and we’re back.
I also, I think, now understand the root cause. It’s the way Cilium<>Kubernetes goes into enforcement mode, where as soon as a policy applies to an endpoint … everything NOT mentioned in the rule is denied.