-
Bug
-
Resolution: Won't Do
-
Normal
-
4.19
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
Moderate
-
No
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
The endPort for multinetworkpolicy can be defined when endport is smaller than the port field.
Version-Release number of selected component (if applicable):
build 4.19, openshift/cluster-network-operator#2668
How reproducible:
Always
Steps to Reproduce:
$ cat test_mnp_ingress_endport.yaml
apiVersion: k8s.cni.cncf.io/v1beta1
kind: MultiNetworkPolicy
metadata:
name: ingress-policy
annotations:
k8s.v1.cni.cncf.io/policy-for: tenant1-secondary-layer2
spec:
podSelector: {}
policyTypes:
- Ingress
ingress:
- from: []
ports:
- protocol: TCP
port: 32000
endPort: 31900$ oc create -f test_mnp_ingress_endport.yaml
multinetworkpolicy.k8s.cni.cncf.io/ingress-policy created
$ oc get multi-networkpolicy ingress-policy -o yaml
apiVersion: k8s.cni.cncf.io/v1beta1
kind: MultiNetworkPolicy
metadata:
annotations:
k8s.v1.cni.cncf.io/policy-for: tenant1-secondary-layer2
creationTimestamp: "2025-04-08T20:42:57Z"
generation: 1
name: ingress-policy
namespace: blue-network
resourceVersion: "114630"
uid: 755f6156-a119-41ad-8635-c9fcf9b07eb2
spec:
ingress:
- from: []
ports:
- endPort: 31900
port: 32000
protocol: TCP
podSelector: {}
policyTypes:
- Ingress
Actual results:
Multinetworkpolicy is created without errors
Expected results:
Multinetworkpolicy will not be created and the error should be displayed in the console.
Additional info:
Check features restrictions in https://kubernetes.io/docs/concepts/services-networking/network-policies/#targeting-a-range-of-ports
- causes
-
CORENET-6304 MultiNetworkPolicy doesn't have the same validations as NetworkPolicy
-
- To Do
-
- relates to
-
CORENET-5645 Support EndPort in MultiNetworkPolicy
-
- Release Pending
-
