-
Bug
-
Resolution: Won't Do
-
Normal
-
None
-
4.12
-
None
-
False
-
-
-
-
08/27 won't be addressed in 4.12. BQI:Fair
-
-
Steps to reproduce:
oc new-project foo
cat << EOF| oc create -f -
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-openshift-ingress
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
policy-group.network.openshift.io/ingress: ""
podSelector: {}
policyTypes:
- Ingress
EOF
cat << EOF| oc create -f -
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-openshift-monitoring
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
network.openshift.io/policy-group: monitoring
podSelector: {}
policyTypes:
- Ingress
EOF
cat << EOF| oc create -f -
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: allow-same-namespace
spec:
podSelector:
ingress:
- from:
- podSelector: {}
EOF
cat << EOF| oc create -f -
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-kube-apiserver-operator
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: openshift-kube-apiserver-operator
podSelector:
matchLabels:
app: kube-apiserver-operator
policyTypes:
- Ingress
EOF
oc create deployment foo --image=quay.io/fedora/fedora – python3 -m http.server
oc create service clusterip foo --tcp=8000
oc patch svc foo --type merge --patch '{"spec":{"type":"LoadBalancer"}}'
oc new-project bar
oc debug – curl -sLo /dev/null -w '%{http_code}\n' <EXTERNAL-IP>:8000
Actual results: The ExternalIP is accessible on OpenShiftSDN and not accessible on OVN-K.
