Bug 1962569
| Summary: | NetworkPolicy details page should also show Egress rules | ||||||
|---|---|---|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Yadan Pei <yapei> | ||||
| Component: | Management Console | Assignee: | Joel Takvorian <jtakvori> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Yadan Pei <yapei> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 4.8 | CC: | aos-bugs, jokerman, jtakvori, yapei | ||||
| Target Milestone: | --- | ||||||
| Target Release: | 4.8.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: |
Issue:
When Network Provider "OVNKubernetes" is used instead of "OpenShiftSDN", NetworkPolicies can have an egress section. That egress section wasn't displayed in the corresponding details page of a NetworkPolicy.
Fix / Result:
Display the egress rules in a format similar to ingress rules.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2021-07-27 23:09:30 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Note that, not showing egress rules made sense as long as openshift-sdn was the only possible CNI plugin, as it doesn't support egress. Now, when ovn-k is used as a cni plugin, egress rules are supported. I suggest adding a small explanation text about when egress rules are supported or not, like it's done in https://issues.redhat.com/browse/NETOBSERV-4. Note also that a RFE was created in order to expose information about CNI plugin in use: https://issues.redhat.com/browse/RFE-1873 ; when implemented, it will be possible to modify how egress rules are displayed (ie. hide it or show warning when there's an egress rule while openshift SDN is used - and remove the explanation text when ovn-k is used) with the fix now we show Egress rules table on NetworkPolicy details page, as described in comment #1 how egress rules can be displayed is not in the scope of this bug, so now everything is working as expected Verified on 4.8.0-0.nightly-2021-05-26-172234 Created attachment 1787475 [details]
Egress rules table on NetworkPolicy details page
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438 |
Description of problem: NetworkPolicy details page only shows Ingress rule table, maybe we should also show Egress rules, only in this way user can have a complete view of networkpolicy object Version-Release number of selected component (if applicable): 4.8.0-0.nightly-2021-05-19-123944 How reproducible: Always Steps to Reproduce: 1. create a networkpolicy with below YAML which defines ingress and egress rules apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: test-network-policy namespace: default spec: podSelector: matchLabels: role: db policyTypes: - Ingress - Egress ingress: - from: - ipBlock: cidr: 172.17.0.0/16 except: - 172.17.1.0/24 - namespaceSelector: matchLabels: project: myproject - podSelector: matchLabels: role: frontend ports: - protocol: TCP port: 6379 egress: - to: - ipBlock: cidr: 10.0.0.0/24 ports: - protocol: TCP port: 5978 2. check networkpolicy details at Networking -> NetworkPolicies -> click on 'test-network-policy' Actual results: 2. NetworkPolicy details page only shows 'Ingress rules' table, maybe we should also show 'Egress rules' table, Egress rules is also important part for NetworkPolicy and only in this way we have a complete view of networkpolicy rules Expected results: Additional info: