Bug 2032960

Summary: Network policies are not blocking egress traffic
Product: OpenShift Container Platform
Reporter: Andy Bartlett <andbartl>
Component: Networking
Assignee: Andrew Stoycos <astoycos>
Networking sub component: ovn-kubernetes
QA Contact: Anurag saxena <anusaxen>
Status: CLOSED DUPLICATE
Severity: high
Priority: high
CC: surya
Version: 4.7   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2022-01-06 21:38:58 UTC
Type: Bug

Description Andy Bartlett 2021-12-15 14:47:45 UTC
Description of problem:
I have a customer that has an issue that network policies are not blocking egress traffic. They have one deployment in which the egress network policy is not applied to new pods, but when the network policies are removed and recreated they work.

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. Create Namespace
2. Create NetworkPolicies
3. Create Statefulset.
4. Start a shell in a statefulset Pod and try to bypass the networkpolicies, for example:
   'curl https://www.google.nl'.
   Result: you reach the google website

5. Delete Networkpolicies.
6. Create Networkpolicies
7. Start a shell in a statefulset Pod and try to bypass the networkpolicies, for example:
   'curl https://www.google.nl'.
   Result: you can NOT reach the google website

Actual results:
In the first steps (1 to 4) you can access the internet, this is wrong!!!

Expected results:
You should not be able to reach the internet in the first steps above (1 to 4)


Additional info:
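
The check from steps 4 and 7, run against every pod behind a label selector instead of a single shell session, as an added example that is not part of the bug report or of OpenShift. It assumes `kubectl` is logged in to the cluster and the pod image ships `curl`; the function names, namespace and selector are hypothetical.

```shell
#!/bin/sh
# Added example: audit egress from every pod behind a label selector.
# Assumptions (not from the bug report): kubectl is logged in to the cluster,
# the pod image ships curl, and the namespace, selector and function names
# below are hypothetical.

# Print the names of the pods matching a selector, one per line.
list_pods() {  # $1 = namespace, $2 = label selector
  kubectl get pods -n "$1" -l "$2" \
    -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}'
}

# Print the HTTP status curl saw from inside the pod. curl prints 000 when no
# response arrived (connection dropped or timed out); the output is empty when
# kubectl exec itself failed, so "blocked" and "could not test" stay distinct.
probe_pod() {  # $1 = namespace, $2 = pod, $3 = URL
  # </dev/null keeps kubectl exec from swallowing the caller's stdin.
  kubectl exec -n "$1" "$2" -- \
    curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$3" </dev/null || true
}

# Probe every pod. Per-pod status goes to stderr; the names of pods whose
# request got out go to stdout, so empty stdout means no leak was seen.
leaking_pods() {  # $1 = namespace, $2 = label selector, $3 = URL
  for lp_pod in $(list_pods "$1" "$2"); do
    lp_code=$(probe_pod "$1" "$lp_pod" "$3") || true
    case "$lp_code" in
      000) echo "BLOCKED $lp_pod" >&2 ;;
      "")  echo "UNKNOWN $lp_pod (exec failed, egress not tested)" >&2 ;;
      *)   echo "LEAK    $lp_pod (HTTP $lp_code)" >&2
           echo "$lp_pod" ;;
    esac
  done
}

# Stand-alone use: sh egress-audit.sh <namespace> <selector> <url>
if [ "$#" -eq 3 ]; then
  leaking_pods "$1" "$2" "$3"
fi
```

Running it again after new pods are created covers the case in this report, where the policy was not applied to new pods.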