This bug was initially created as a copy of Bug #1947176 I am copying this bug because: Upstream PR https://github.com/ovn-org/ovn-kubernetes/pull/2152 fixes a bug where ForEachAddressSet didn't work. This means that we won't delete old address sets if the deletion is missed, say, because ovn-k was restarting. If another namespace or NetworkPolicy comes into existence with the same name, it will have spurious IPs in the address set. We should backport this fix as appropriate.
This bug will be shipped as part of next z-stream release 4.7.15 on June 14th, as 4.7.14 was dropped due to a regression https://bugzilla.redhat.com/show_bug.cgi?id=1967614
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.16 security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2286