Description of problem: Egressfirewall cannot work in latest nightly builds Version-Release number of the following components: 4.6.0-0.nightly-2020-09-17-050000 4.6.0-0.nightly-2020-09-16-062819 How reproducible: Always Steps to Reproduce: 1. Create namespace test and pods in it. oc get pods -n test NAME READY STATUS RESTARTS AGE hello-pod 1/1 Running 0 3m19s 2. Create EgressFirewall in ns test oc get egressfirewall default -n test -o yaml apiVersion: k8s.ovn.org/v1 kind: EgressFirewall metadata: creationTimestamp: "2020-09-17T09:52:14Z" generation: 2 managedFields: - apiVersion: k8s.ovn.org/v1 fieldsType: FieldsV1 fieldsV1: f:spec: .: {} f:egress: {} manager: oc operation: Update time: "2020-09-17T09:52:14Z" - apiVersion: k8s.ovn.org/v1 fieldsType: FieldsV1 fieldsV1: f:status: .: {} f:status: {} manager: ovnkube operation: Update time: "2020-09-17T09:52:14Z" name: default namespace: test resourceVersion: "58745" selfLink: /apis/k8s.ovn.org/v1/namespaces/test/egressfirewalls/default uid: 34c66bd5-7c28-45d4-8bee-40fc362907f3 spec: egress: - to: cidrSelector: 0.0.0.0/0 type: Deny status: status: EgressFirewall Rules applied 3. From hello-pod to access public websites. Acutal Result: Still can acess. EgressFirewall doesnt take effect. oc rsh -n test hello-pod / # curl www.test.com <html><head><title>301 Moved Permanently</title></head><body bgcolor='white'><center><h1>301 Moved Permanently</h1><h2>Object moved to <a href='https://www.test.com/'>here</a>.</h2></center><hr><center>DOSarrest Internet Security</center></body></html> / # exit Expected Result EgressFirewall should take effect.
Created attachment 1715209 [details] must-gather for network logs
*** Bug 1879904 has been marked as a duplicate of this bug. ***
upstream changes pulled downstream in: https://github.com/openshift/ovn-kubernetes/pull/279
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196