Network Policy Issues leading to redis + more traffic getting dropped

[travisby]

Hello!

I generally have argo manage itself, and do not version pin. Since a few days ago, I've had trouble with argo talking to its various properties.

Pinning to 2.14.2 fixed the issue, so I imagine it's in there somewhere!

master...v2.14.2

( - https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.2/manifests/install.yaml
vs - https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/install.yaml
)

When the problem is occuring, I see this with cilium dbg:

travis@travis-framework:~/dev/k8s/apps/cluster/argocd/argo-cd$ k  exec -ti ds/cilium -- cilium-dbg monitor --type drop
Defaulted container "cilium-agent" out of: cilium-agent, config (init), apply-sysctl-overwrites (init), mount-bpf-fs (init), clean-cilium-state (init), install-cni-binaries (init)
Listening for events on 8 CPUs with 64x4096 of shared memory
Press Ctrl-C to quit
time="2025-02-18T12:52:46Z" level=info msg="Initializing dissection cache..." subsys=monitor
xx drop (Policy denied) flow 0x0 to endpoint 1853, ifindex 4, file bpf_lxc.c:2067, , identity kube-apiserver->12859: 192.168.7.235:48478 -> 10.244.3.159:6379 tcp SYN
xx drop (Policy denied) flow 0x0 to endpoint 1853, ifindex 4, file bpf_lxc.c:2067, , identity kube-apiserver->12859: 192.168.7.235:60390 -> 10.244.3.159:6379 tcp SYN
xx drop (Policy denied) flow 0x0 to endpoint 1853, ifindex 4, file bpf_lxc.c:2067, , identity kube-apiserver->12859: 192.168.7.235:48478 -> 10.244.3.159:6379 tcp SYN
xx drop (Policy denied) flow 0x0 to endpoint 1853, ifindex 4, file bpf_lxc.c:2067, , identity kube-apiserver->12859: 192.168.7.235:60390 -> 10.244.3.159:6379 tcp SYN

Odd, the traffic is coming in with the kube-apiserver identity, and host IP, rather than as the other argo pods!

I can provide more details later, just wanted to write something down quick before I forgot.