NPs for svc don't react to namespace labels updates
Bug #1845977 reported by
Luis Tomas Bolivar
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| kuryr-kubernetes |
Fix Released
|
High
|
Luis Tomas Bolivar | ||
Bug Description
When there is a pod (and a svc) with a NP allowing access from a namespace with a given label, and another namespace label is updated to have the allowed label, the NP SG rules that are applied to the initial pod are updated to allow the updated namespace but not the rules on the loadbalancers, so the traffic does not go through.
| Changed in kuryr-kubernetes: | |
| assignee: | nobody → Luis Tomas Bolivar (ltomasbo) |
| Changed in kuryr-kubernetes: | |
| status: | New → In Progress |
| description: | updated |
| Changed in kuryr-kubernetes: | |
| importance: | Undecided → High |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to kuryr-kubernetes (master) | #1 |
| Changed in kuryr-kubernetes: | |
| status: | In Progress → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to kuryr-kubernetes (stable/train) | #2 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to kuryr-kubernetes (stable/train) | #3 |
| tags: | added: in-stable-train |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Zuul
Branch: master
commit 232509ee66a43a9
Author: Luis Tomas Bolivar <email address hidden>
Date: Mon Sep 30 18:16:37 2019 +0200
Ensure lb sg rules are updated upon namespace label updates
This patch ensures lb sg rules are updated when NPs reference to
namespace labels through namespace selectors. The affected svc
will be updated after namespace label is updated and due to that it
either starts or stops being referenced by the NP.
Closes-Bug: 1845977
Change-Id: I2d454f38767620