Description of problem: Hi, Created from BZ: 1950283 Speaking to the customer today, they have observed that if you use: # Source: networkpolicies-config-values/charts/networkpolicies-config/templates/networkpolicies.yaml kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: stex-rd-networkpolicies-config-allow-from-ic labels: helm.sh/chart: networkpolicies-config-0.1.0 app.kubernetes.io/name: networkpolicies-config app.kubernetes.io/instance: stex-rd app.kubernetes.io/version: "1.16.0" app.kubernetes.io/managed-by: Helm spec: podSelector: matchLabels: "nl.duo.networkpolicy.allow-ingress": 'true' ingress: - from: - ipBlock: cidr: 10.0.4.2/23 - ipBlock: cidr: 10.1.2.2/23 - ipBlock: cidr: 10.3.2.2/23 policyTypes: - Ingress In this case the ipBlock only uses the last cidr specified (cidr: 10.3.2.2/23) , so to get round this: # Source: networkpolicies-config-values/charts/networkpolicies-config/templates/networkpolicies.yaml kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: stex-rd-networkpolicies-config-allow-from-ic labels: helm.sh/chart: networkpolicies-config-0.1.0 app.kubernetes.io/name: networkpolicies-config app.kubernetes.io/instance: stex-rd app.kubernetes.io/version: "1.16.0" app.kubernetes.io/managed-by: Helm spec: podSelector: matchLabels: "nl.duo.networkpolicy.allow-ingress": 'true' ingress: - from: - ipBlock: cidr: 10.0.4.2/23 - from: - ipBlock: cidr: 10.1.2.2/23 - from: - ipBlock: cidr: 10.3.2.2/23 policyTypes: - Ingress Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
This will need to be backported to 4.6.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438