-
Bug
-
Resolution: Done
-
Normal
-
None
-
4.14
-
Quality / Stability / Reliability
-
False
-
-
2
-
None
-
No
-
None
-
None
-
None
-
OSDOCS Sprint 250, OSDOCS Sprint 251
-
2
-
In Progress
-
Release Note Not Required
-
None
-
None
-
None
-
None
-
None
Description of problem:
Two documentation issue in this doc: https://docs.openshift.com/container-platform/4.14/networking/multiple_networks/configuring-multi-network-policy.html under 'Deny ingress from all pods in all namespaces': 1. This policy cannot be created. The podSelector most be at least an empty dict. 2. Another bug in the same MNP - a policy without policyTypes has no meaning - creating the deny-by-default policy without the policyTypes doesn't have any effect.
Version-Release number of selected component (if applicable):
How reproducible:
Create the following MNP, given as an example in the doc:
apiVersion: k8s.cni.cncf.io/v1beta1
kind: MultiNetworkPolicy
metadata:
name: deny-by-default
annotations:
k8s.v1.cni.cncf.io/policy-for: <network_name>
spec:
podSelector:
ingress: []
Steps to Reproduce:
1.
2.
3.
Actual results:
The MultiNetworkPolicy "deny-by-default" is invalid: spec.podSelector: Required value
Expected results:
This should be the MNP example for this case:
apiVersion: k8s.cni.cncf.io/v1beta1
kind: MultiNetworkPolicy
metadata:
name: deny-by-default
annotations:
k8s.v1.cni.cncf.io/policy-for:<nemespace_name>/<network_name>
spec:
podSelector: {}
policyTypes:
- Ingress
ingress: []
Additional info:
