-
Bug
-
Resolution: Won't Do
-
Normal
-
4.19
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
Moderate
-
No
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
The endPort for multinetworkpolicy can only be defined when port is not defined
Version-Release number of selected component (if applicable):
build 4.19, openshift/cluster-network-operator#2668
How reproducible:
Always
Steps to Reproduce:
$ cat test_mnp_ingress_endport.yaml
apiVersion: k8s.cni.cncf.io/v1beta1
kind: MultiNetworkPolicy
metadata:
name: ingress-policy
annotations:
k8s.v1.cni.cncf.io/policy-for: tenant1-secondary-layer2
spec:
podSelector: {}
policyTypes:
- Ingress
ingress:
- from: []
ports:
- protocol: TCP
endPort: 32768$ oc create -f test_mnp_ingress_endport.yaml
multinetworkpolicy.k8s.cni.cncf.io/ingress-policy created
$ oc get multi-networkpolicy
NAME AGE
ingress-policy 18s
$ oc get multi-networkpolicy ingress-policy -o yaml
apiVersion: k8s.cni.cncf.io/v1beta1
kind: MultiNetworkPolicy
metadata:
annotations:
k8s.v1.cni.cncf.io/policy-for: tenant1-secondary-layer2
creationTimestamp: "2025-04-08T20:38:13Z"
generation: 1
name: ingress-policy
namespace: blue-network
resourceVersion: "113500"
uid: f09b081b-4e6d-44d9-9e77-d8df2d8034bf
spec:
ingress:
- from: []
ports:
- endPort: 32768
protocol: TCP
podSelector: {}
policyTypes:
- Ingress
Actual results:
Multinetworkpolicy is created without errors
Expected results:
Multinetworkpolicy will not be created and the error should be displayed in the console.
Additional info:
Check features restrictions in https://kubernetes.io/docs/concepts/services-networking/network-policies/#targeting-a-range-of-ports
- causes
-
CORENET-6304 MultiNetworkPolicy doesn't have the same validations as NetworkPolicy
-
- To Do
-
- relates to
-
CORENET-5645 Support EndPort in MultiNetworkPolicy
-
- Release Pending
-
