Description of problem:
We currently do not check the ip family type between the gateway and the pods in the affected namespace. We need to add routes according to ip types. Additionally we need to ensure that if a pod in a multi-gw namespace only has routes for a single ip family type, we need to reject traffic from the other type. This will stop traffic from leaking to the cluster's default gw.
*** Bug 1911855 has been marked as a duplicate of this bug. ***
I'm working on it, will have it this week, as code freeze is this Friday.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.