u/12HobbieZ

There's a Bug in VPC CNI v1.21.0 That Silently Drops All Traffic

Hey there,

I was implementing NetworkPolicies on our EKS clusters when I found a bug (that has since been fixed) in the AWS Network Policy Agent code which resulted in my ALLOW rules becoming DENY rules.

I've detailed the debugging journey in this post, which included dumping the raw eBPF maps from the nodes and going over the agent's Go code.

Super interesting find in my opinion, but you'll be the judge :)

Enjoy

orelfichman.com
u/12HobbieZ — 2 days ago