https://rancher.com/ logo
Title
b

broad-petabyte-50341

09/28/2022, 8:52 PM
Hey all, quick question, after upgrading from rke2
1.22.6
->
1.22.13
with my CNI set to
cilium
I'm getting failures with some of my pods making connections to postgres. The pods in question are in the same namespace, I'm able to connect to the database manually, the pods have the correct creds but they can't connect and I'm not getting a helpful error message. Reverting to 1.22.6 fixes the issue.
I've done a lot things to try and identify the issue but the only thing I can see is that switching versions of RKE2 has an effect. I know that that also introduces an upgrade of cilium. Also those pods are in an istio service mesh. If anyone has any ideas, even just something that might be useful to dig through I would be greatly appreciative! Thank you!
g

gray-lawyer-73831

09/28/2022, 9:07 PM
I can give you a handful of issues potentially related to cilium or networking since then! • https://github.com/rancher/rke2/issues/3292https://github.com/rancher/rke2/issues/3188https://github.com/rancher/rke2/issues/3130https://github.com/rancher/rke2/issues/2974https://github.com/rancher/rke2/issues/2875https://github.com/rancher/rke2/issues/2746https://github.com/rancher/rke2/issues/2608 It’s possible I missed some, but as you can see a lot of those are just version bumps. The two most notable things here are the dualstack support that was added and the update of ingress-nginx removing
hostNetwork: true
, but this last one even is more an effect on ingress resources than anything else
c

creamy-pencil-82913

09/29/2022, 2:29 AM
You might also check to see if istio lists supported CNI versions
p

plain-byte-79620

09/29/2022, 9:36 AM
Are you using istio following cilium integration (https://docs.cilium.io/en/v1.10/gettingstarted/istio/) or it was deployed without it?