+++ This bug was initially created as a clone of Bug #1985516 +++ +++ This bug was initially created as a clone of Bug #1985514 +++ +++ This bug was initially created as a clone of Bug #1985512 +++ Description of problem: In a v6 only ovn-k cluster, the management interface IP is not added to the address set used for classifying host network traffic. This causes the allow-from-router network policy to not work correctly on platforms where the endpoint publishing strategy is "HostNetwork" Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1.Create a single stack v6 cluster on vsphere or a platform where the endpoint publishing strategy is HostNetwork 2.Create allow from ingress network policy 3.try external access to service in the cluster that is v6 Actual results: service is not reliably accessible since the v6 management IP is not added to the address set for classifying host network traffic Expected results: External access to a service in a single stack v6 cluster works reliably. Additional info:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6.42 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:3008