*** Bug 1742249 has been marked as a duplicate of this bug. ***
Verified in version: v3.11.146

Steps:
1. Create a project p1 using egressIP
2. Add egressIP to node A
3. Create a pod in project p1 which is *not* running on node A.
4. Create a networkPolicy which only allows traffic from itself. Used the file in "Steps to Reproduce :step4"

Go to the pod in project p1 and try to reach a resource outside OpenShift.

/ # ping www.google.com
PING www.google.com (172.217.13.228) 56(84) bytes of data.
64 bytes from iad23s61-in-f4.1e100.net (172.217.13.228): icmp_seq=1 ttl=48 time=287 ms
64 bytes from iad23s61-in-f4.1e100.net (172.217.13.228): icmp_seq=2 ttl=48 time=286 ms
64 bytes from iad23s61-in-f4.1e100.net (172.217.13.228): icmp_seq=3 ttl=48 time=285 ms
64 bytes from iad23s61-in-f4.1e100.net (172.217.13.228): icmp_seq=4 ttl=48 time=286 ms

Result: it works.

5. Create a rule that allows traffic from the default project. Used the file in "Steps to Reproduce :step6"
Result: it works, traffic goes through.

6. Completely remove every networkPolicy. Traffic also works
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2816