Uploaded image for project: 'Network Observability'
  1. Network Observability
  2. NETOBSERV-1933

Deployed network policy has rule listed twice

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor Minor
    • netobserv-1.8
    • netobserv-1.7, netobserv-1.7-candidate
    • None
    • False
    • None
    • False
    • Hide
      Previously, when deploying the default network policy, namespaces "openshift-console" and "openshift-monitoring" were set by default in the "additionalNamespaces" field, resulting in duplicated rules.
      Now there is no additional namespace set by default, which avoid getting duplicated rules.
      Show
      Previously, when deploying the default network policy, namespaces "openshift-console" and "openshift-monitoring" were set by default in the "additionalNamespaces" field, resulting in duplicated rules. Now there is no additional namespace set by default, which avoid getting duplicated rules.
    • NetObserv - Sprint 260, NetObserv - Sprint 261

      Description of problem:

      When deploying netobserv network policy, the ingress rule for allowing openshift-console ingress connection is listed twice (once with a port restriction, another without).

      Steps to Reproduce:

      1. Install netobserv + FlowCollector with networkPolicy.enable=true and additional namespace left unset
2. check policy (oc get netpol netobserv -oyaml)
3.

      Actual results:

        ingress:
  - from:
    - podSelector: {}
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: netobserv-privileged
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openshift-console
    ports:
    - port: 9001
      protocol: TCP
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openshift-user-workload-monitoring
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openshift-console
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openshift-monitoring

      Expected results:

      no duplicate section for openshift-console

            [NETOBSERV-1933] Deployed network policy has rule listed twice

            Joel Takvorian added a comment -

            this is a minor thing so I'm setting no-qe

            Joel Takvorian added a comment - this is a minor thing so I'm setting no-qe

            Joel Takvorian added a comment -

            rhn-support-sarthoma I would just skip the release note for this one, it's minor without visible impact

            Joel Takvorian added a comment - rhn-support-sarthoma I would just skip the release note for this one, it's minor without visible impact

            Sara Thomas added a comment - - edited

            jtakvori In this case, would the RN text change since this is a known issue now without the fix. So I guess, now the "Now there is no additional namespace set by default, which avoid getting duplicated rules." doesn't apply? Is there a workaround?

            Sara Thomas added a comment - - edited jtakvori In this case, would the RN text change since this is a known issue now without the fix. So I guess, now the "Now there is no additional namespace set by default, which avoid getting duplicated rules." doesn't apply? Is there a workaround?

            Joel Takvorian added a comment -

            FYI I don't think there's any urgency to have that in 1.7 this can wait 1.8

            Joel Takvorian added a comment - FYI I don't think there's any urgency to have that in 1.7 this can wait 1.8

              jtakvori Joel Takvorian
              jtakvori Joel Takvorian
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: