Uploaded image for project: 'Product Technical Learning'
  1. Product Technical Learning
  2. PTL-15744

DO430: ch04s02 - network policy application order issue - RHT2494885

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • DO430 - RHACS4.6-en-2-20250408
    • DO430
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • 4
    • en-US (English)

      URL: https://rol.redhat.com/rol/app/courses/do430-4.6/pages/ch04s07
      Reporter RHNID: cosly
      Section title: Guided Exercise: Analyze Network Flows and Manage Network Baselines
      Language: English

      Issue description

      The lab has a bug while running the deploy pipeline. If the default deny all into the namespace gets applied 5th instead of 6th (of all Network Policies), the access to namespace is cut off and therefore, the final network policy can no longer be applied during pipeline run, therefore it will always fail. There is a workaround to remove the policy during deployment but I think it should not work this way.

      I see that there is already an admonition, but being this the case, it doesn't seem like a good setup. 

       

      Workaround:
      ensure that all network policies are applied in the correct order within the deploy pipeline script or process, specifically placing the default deny all into namespace as the final policy to be applied (6th step) rather than any other.

        1. image-2025-11-11-17-38-03-654.png
          image-2025-11-11-17-38-03-654.png
          73 kB

              rhn-support-niroy Niladri Roy
              carias@redhat.com Carlos Arias
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: