NP does not enforce egress traffic to a matched service
Bug #1849139 reported by
Maysa de Macedo Souza
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kuryr-kubernetes |
In Progress
|
Undecided
|
Maysa de Macedo Souza |
Bug Description
We're not taking into account the case of a Network Policy with an egress rule to a pod that contains a Service sitting in front of it. Right now, only an egress rule to the matched pod is created, when one for the matched SVC is also required.
Changed in kuryr-kubernetes: | |
assignee: | nobody → Maysa de Macedo Souza (maysa) |
status: | New → In Progress |
To post a comment you must log in.
Reviewed: https:/ /review. opendev. org/689102 /git.openstack. org/cgit/ openstack/ kuryr-kubernete s/commit/ ?id=db1b24fcf62 7e00ca7a5411645 38bdfe860ddf2c
Committed: https:/
Submitter: Zuul
Branch: master
commit db1b24fcf627e00 ca7a541164538bd fe860ddf2c
Author: Maysa Macedo <email address hidden>
Date: Thu Oct 17 08:54:47 2019 +0000
Ensure Network Policy handles egress traffic to a SVC
We're not taking into account the case of a Network Policy
with an egress rule to a pod that contains a Service sitting
in front of it. Right now, only an egress rule to the matched
pod is created, when one for the matched SVC is also required.
Related-Bug: 1849139 e5ec1a98fcbca22 af992dd1bec
Change-Id: I9830f30ba1fde3