-
Bug
-
Resolution: Done
-
Major
-
None
-
4.12.z, 4.11.z
-
None
Description of problem:
After an egressFW rule is created incorrectly (missing CIDR annotation), it will not get any configuration change to fix it.
How reproducible:
Create a wrong egressFW with missing CIDR annotation, then try to update it
Steps to Reproduce:
1. Create an EgressFW with missing CIDR notations. The rules are not correctly applied:
[quickcluster@upi-0 ~]$ oc apply -f egressko.yaml egressfirewall.k8s.ovn.org/default created [quickcluster@upi-0 ~]$ oc get egressfirewalls.k8s.ovn.org NAME EGRESSFIREWALL STATUS default EgressFirewall Rules not correctly added
2. Update the rule, adding the CIDR to correct it. The rules keep not being applied:
[quickcluster@upi-0 ~]$ oc apply -f egressok.yaml egressfirewall.k8s.ovn.org/default configured [quickcluster@upi-0 ~]$ oc get egressfirewalls.k8s.ovn.org NAME EGRESSFIREWALL STATUS default EgressFirewall Rules not correctly added #
3. Try removing the egressFW and creating it from scratch. The status is empty:
[quickcluster@upi-0 ~]$ oc delete egressfirewalls.k8s.ovn.org default egressfirewall.k8s.ovn.org "default" deleted [quickcluster@upi-0 ~]$ oc apply -f egressok.yaml egressfirewall.k8s.ovn.org/default created [quickcluster@upi-0 ~]$ oc get egressfirewalls.k8s.ovn.org NAME EGRESSFIREWALL STATUS default
4. Last try is deleting the namespace and recreating it. The status keeps empty:
[quickcluster@upi-0 ~]$ oc delete project firewall-test project.project.openshift.io "firewall-test" deleted [quickcluster@upi-0 ~]$ oc new-project firewall-test [quickcluster@upi-0 ~]$ oc apply -f egressok.yaml egressfirewall.k8s.ovn.org/default created [quickcluster@upi-0 ~]$ oc get egressfirewalls.k8s.ovn.org -n firewall-test NAME EGRESSFIREWALL STATUS default
If the rule is applied in a new namespace, it works fine.
[quickcluster@upi-0 ~]$ oc new-project firewall-test1 [quickcluster@upi-0 ~]$ oc apply -f egressok.yaml egressfirewall.k8s.ovn.org/default created [quickcluster@upi-0 ~]$ oc get egressfirewalls.k8s.ovn.org -n firewall-test1 NAME EGRESSFIREWALL STATUS default EgressFirewall Rules applied
Actual results:
The rule is not fixed
Expected results:
The rule is fixed
- clones
-
OCPBUGS-15182 Cannot fix a misconfigured Egress Firewall
- Closed
- depends on
-
OCPBUGS-15182 Cannot fix a misconfigured Egress Firewall
- Closed
- is cloned by
-
OCPBUGS-15719 [4.12] Cannot fix a misconfigured Egress Firewall
- Closed
- is depended on by
-
OCPBUGS-15719 [4.12] Cannot fix a misconfigured Egress Firewall
- Closed
- links to