Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-45980

Multi-NetworkPolicy IPBlock definition with pod & namespace selector

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • Important
    • No
    • None
    • None
    • CNF Network Sprint 268, CNF Network Sprint 269, CNF Network Sprint 271, CNF Network Sprint 272, CNF Network Sprint 273, CNF Network Sprint 276, CNF Network Sprint 278, CNF Network Sprint 279
    • 8
    • In Progress
    • Bug Fix
    • Hide
      Cause – the user creates a MultiNetworkPolicy with a rule with both IPBlock field and the pair podSelector/namespaceSelector field populated.
      Consequence – the podSelector/namespaceSelector field pair is honored
      Fix – The MultiNetworkPolicy controller has been fixed
      Result – The MultiNetworkPolicy controller now honors the IPBlock field
      Show
      Cause – the user creates a MultiNetworkPolicy with a rule with both IPBlock field and the pair podSelector/namespaceSelector field populated. Consequence – the podSelector/namespaceSelector field pair is honored Fix – The MultiNetworkPolicy controller has been fixed Result – The MultiNetworkPolicy controller now honors the IPBlock field
    • None
    • None
    • None
    • None

      Description of problem: As per the documentation, if IPBlock is defined, podSelector and namespaceSelector cannot be defined. So we interpret that in case if all 3 are defined IPBlock should take precedence. During testing with all 3 defined, priority is given to podSelector and namespaceSelector and IPBlock is ignored. Since this is a negative case, i am setting it to low priority.

      Version-Release number of selected component (if applicable): 4.18

      How reproducible: 100%

      Steps to Reproduce:
      1. Create a Multi-NetworkPolicy with egress/ingress rule with podSelector, namespaceSelector and IPBlock

      Actual results: podSelector and namespaceSelector is considered

      Expected results: IPBlock to be considered

      Additional info:

              apanatto@redhat.com Andrea Panattoni
              rh-ee-ajaggapa Anvesh Jaggapatruni
              None
              None
              Anvesh Jaggapatruni Anvesh Jaggapatruni
              None
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: