@Juan, developer has opened bug #1613280 for 3.9 and fixed it.
In openshift v3.10.72 network: redhat/openshift-ovs-subnet and asb 1.2.17, I haven't reproduced it. When provision and deprovision, it will create a new networkpolicy like: apiVersion: v1 items: - apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: creationTimestamp: 2018-11-28T09:01:56Z generation: 1 name: apb-f633bb21-2dfb-4864-9bbc-d78c4b287365 namespace: debug resourceVersion: "27184" selfLink: /apis/extensions/v1beta1/namespaces/debug/networkpolicies/apb-f633bb21-2dfb-4864-9bbc-d78c4b287365 uid: 419f9c30-f2ec-11e8-bd61-fa163eb79193 spec: ingress: - from: - namespaceSelector: matchLabels: apb-pod-name: apb-f633bb21-2dfb-4864-9bbc-d78c4b287365 podSelector: {} policyTypes: - Ingress kind: List metadata: resourceVersion: "" selfLink: "" But in my env, during the networkpolicy exist, the 2 pod in the namespace can still connect to each other which checking by curl command. Steps are the same with the below verified steps. In asb 1.2.21, during provision and deprovision , it will not create new networkpolicy, and pods in the namespace can connect to each other, mark the issue as VERIFIED. steps: 1. provision mediawiki-apb in project test. 2. start a test pod to check network: # oc run debug -it --rm --image rhel7 --restart=Never --command -- bash $ curl mediawiki-efac1a5f-f2de-11e8-876c-0a580a800005:8080 -vvv 3. provision postgresql-apb in this project 4. during provision, check networkpolicy and mediawiki pod's reponse in another shell. # oc get networkpolicy $ curl mediawiki-efac1a5f-f2de-11e8-876c-0a580a800005:8080 -vvv # oc logs -f dc/asb -n openshift-ansible-service-broker time="2018-11-28T09:39:53Z" level=info msg="No network policies found. Assuming things are open, skip network policy creation" result: 1. no new networkpolicy created 2. mediawiki pod still response to other pods.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3750