Bug 1547284
Summary: | Do not allow 'default' project to be isolated using 'oc adm pod-network' cmd | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Ravi Sankar <rpenta> |
Component: | Networking | Assignee: | Ravi Sankar <rpenta> |
Status: | CLOSED ERRATA | QA Contact: | Meng Bo <bmeng> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 3.9.0 | CC: | aos-bugs, hongli |
Target Milestone: | --- | ||
Target Release: | 3.9.0 | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: We allow isolation of 'default' project which is global (VNID=0)
Consequence: Once it is isolated, other namespaces won't be able to reach the kube api.
Fix: Forbid isolation of 'default' project
Result: Other namespaces will always be able to reach kube api which is expected.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2018-03-28 14:29:21 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ravi Sankar
2018-02-21 00:03:14 UTC
Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/0ad3c112b6cce72fb4192b48b132491e60eb45b0 Merge pull request #18687 from pravisankar/fix-isolate-projects Automatic merge from submit-queue. Bug 1547284 - Do not allow 'default' project to be isolated using 'oc adm pod-network' verified in atomic-openshift-3.9.0-0.53.0.git.0.3b81e2d.el7.x86_64 and issue has been fixed. "default" project is not allowed to be isolated now. # oc adm pod-network isolate-projects default error: network isolation for project "default" is forbidden # oc get netnamespace NAME NETID EGRESS IPS default 0 [] Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0489 |