[k8s] SG is not created when networkpolicy is created with namespace filter only
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
Trunk |
Fix Committed
|
High
|
Yuvaraja Mariappan |
Bug Description
R4.0 3049, with kube-manager latest code
Steps :
Create a web-label pod S2 in namespace ns1
Create client labeled-pod C1 in namespace ns1
Create client labeled-pod C1 in namespace ns2
Enable namespace isolation in ns0
HTTP from C1 to S1 and C2 to S1 should fail
HTTP from C1 to S2 and C2 to S2 should pass
Create a network policy in ns0 to allow traffic from namespace ns1
HTTP from C1 to S1 should pass
After creating the network policy, it is seen that a corresponding SG is not created at all. Traffic is failing
policy object details are shown below
(Pdb) ns0= c1.v1_beta_
(Pdb) print ns0
{'api_version': 'extensions/
'kind': 'NetworkPolicy',
'metadata': {'annotations': None,
'spec': {'ingress': [{'_from': [{'namespace_
Changed in juniperopenstack: | |
assignee: | Yuvaraja Mariappan (ymariappan-u) → ymariappan (ymariappan) |
Review in progress for https:/ /review. opencontrail. org/30447
Submitter: Yuvaraja Mariappan