[K8s-R5.0]: Priority order of attached FW policy to default APS named k8s turns wrong and k8s-Ingress policy loses its association with k8s APS
Bug #1768475 reported by
Pulkit Tandon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R5.0 |
Fix Released
|
Medium
|
Dinesh Bakiaraj | |||
Trunk |
Fix Released
|
Medium
|
Dinesh Bakiaraj |
Bug Description
Configuration:
K8s 1.9.2
coat-5.0-45
Centos-7.4
Setup:
5 node setup.
1 Kube master. 3 Controller.
2 Agent+ K8s slaves
In a freshly configured setup, ran a test case which involve creating of new namespaces, pods and network policies.
Noticed that the association of k8s-Ingress Firewall Policy with APS "k8s" is lost.
Also, the policy priority order is not maintained.
This result in k8s-allow policy to have the highest precedence.
Because of this, no firewall policy is going to take any effect and all traffic will pass.
Attached are the snapshots to explain the issue
summary: |
- [K8s-R5.0]: Ingress policy loses its association with k8s APS + [K8s-R5.0]: Priority order of attached FW policy to default APS named + k8s turns wrong and Ingress policy loses its association with k8s APS |
summary: |
[K8s-R5.0]: Priority order of attached FW policy to default APS named - k8s turns wrong and Ingress policy loses its association with k8s APS + k8s turns wrong and k8s-Ingress policy loses its association with k8s + APS |
tags: |
added: sanity removed: sanityblocker |
tags: |
added: sanityblocker removed: sanity |
tags: |
added: sanity removed: sanityblocker |
tags: | added: k8s |
tags: | removed: sanityblocker |
To post a comment you must log in.
Workaround is to restart all the contrail- kube-manager