Uploaded image for project: 'Network Observability'
  1. Network Observability
  2. NETOBSERV-1933

Deployed network policy has rule listed twice

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor Minor
    • netobserv-1.8
    • netobserv-1.7, netobserv-1.7-candidate
    • None
    • False
    • None
    • False
    • Hide
      Previously, when deploying the default network policy, namespaces "openshift-console" and "openshift-monitoring" were set by default in the "additionalNamespaces" field, resulting in duplicated rules.
      Now there is no additional namespace set by default, which avoid getting duplicated rules.
      Show
      Previously, when deploying the default network policy, namespaces "openshift-console" and "openshift-monitoring" were set by default in the "additionalNamespaces" field, resulting in duplicated rules. Now there is no additional namespace set by default, which avoid getting duplicated rules.
    • NetObserv - Sprint 260, NetObserv - Sprint 261

      Description of problem:

      When deploying netobserv network policy, the ingress rule for allowing openshift-console ingress connection is listed twice (once with a port restriction, another without).

      Steps to Reproduce:

      1. Install netobserv + FlowCollector with networkPolicy.enable=true and additional namespace left unset
2. check policy (oc get netpol netobserv -oyaml)
3.

      Actual results:

        ingress:
  - from:
    - podSelector: {}
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: netobserv-privileged
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openshift-console
    ports:
    - port: 9001
      protocol: TCP
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openshift-user-workload-monitoring
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openshift-console
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openshift-monitoring

      Expected results:

      no duplicate section for openshift-console

            jtakvori Joel Takvorian
            jtakvori Joel Takvorian
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: