Tag: CNI
Problems related to Container Network Interface
| ID | Title | Description | Category | Technology | Tags |
|---|---|---|---|---|---|
| CRE-2025-0106 High Impact: 0/10 Mitigation: 0/10 | Ambient CNI Sandbox Creation Failure | Detects when the Istio CNI plugin fails to set up a pod's network sandbox in Ambient mode. Two common root causes are: 1. **No ztunnel connection** (CNI cannot contact the node-level ztunnel agent). | Istio Ambient Troubleshooting | ambient | IstioCNIAmbient |
| CRE-2025-0108 High Impact: 0/10 Mitigation: 0/10 | Ambient mode readiness probe failures | In Ambient mode, Istio applies a SNAT rule so that kubelet probe traffic appears from 169.254.7.127 and is bypassed by the data-plane. If you see **Readiness probe failed** events begin only after enabling Ambient, it almost always means that SNAT/bypass isn't working in your CNI or networking environment. | Istio Ambient Troubleshooting | ambient | IstioAmbientCNI |