Uploaded image for project: 'OpenShift SDN'
  1. OpenShift SDN
  2. SDN-4189

Create a Documentation/KCS that outlines the specific issues SD could run into with NetworkPolicies



    • Story
    • Resolution: Done
    • Critical
    • None
    • None
    • None
    • None
    • SDN Sprint 244, SDN Sprint 245, SDN Sprint 246
    • 0
    • 0


      Theme: Ensure 4.12 SD is as stable as 4.13 SD. See what all are present in 4.14/4.13 that are missing in 4.12 from OVNK pov

      We need to come up with a KCS article for 4.12/4.13 around network policies issues. Some things it should cover are:

      • extensive list of what could go wrong like using except blocks and port ranges in networkpolicies
      • sample network policy yamls that showcase these patterns, talk about the OVN/OVS level flow explosion
      • how to detect issues via alerts -> acl counts? ovs cpu?
      • are there any other ways to express the same policy better as workaround?

      Check the existing network policies used by SD MCs and review them to see they are efficient

      Talk about how the new OVN 23.06 will fix the except block issue and if we need to backport those port range fixes then yes that too

      • Verify the fix works?

      Goal: End result should be a document and backports if needed outside of the OVN bump planned as part of https://issues.redhat.com/browse/OCPBUGS-22091 

      See https://issues.redhat.com/browse/OCPBUGS-22091?focusedId=23320502&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-23320502 for details.




            npinaeva@redhat.com Nadia Pinaeva
            sseethar Surya Seetharaman
            0 Vote for this issue
            2 Start watching this issue