NP does not enforce egress traffic to a matched service
Bug #1849139 reported by
Maysa de Macedo Souza
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| kuryr-kubernetes |
In Progress
|
Undecided
|
Maysa de Macedo Souza | ||
Bug Description
We're not taking into account the case of a Network Policy with an egress rule to a pod that contains a Service sitting in front of it. Right now, only an egress rule to the matched pod is created, when one for the matched SVC is also required.
| Changed in kuryr-kubernetes: | |
| assignee: | nobody → Maysa de Macedo Souza (maysa) |
| status: | New → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Related fix merged to kuryr-kubernetes (master) | #1 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Related fix proposed to kuryr-kubernetes (stable/train) | #2 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Related fix merged to kuryr-kubernetes (stable/train) | #3 |
| tags: | added: in-stable-train |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Zuul
Branch: master
commit db1b24fcf627e00
Author: Maysa Macedo <email address hidden>
Date: Thu Oct 17 08:54:47 2019 +0000
Ensure Network Policy handles egress traffic to a SVC
We're not taking into account the case of a Network Policy
with an egress rule to a pod that contains a Service sitting
in front of it. Right now, only an egress rule to the matched
pod is created, when one for the matched SVC is also required.
Related-Bug: 1849139
Change-Id: I9830f30ba1fde3