Bug 2032960 - Network policies are not blocking egress traffic
Summary: Network policies are not blocking egress traffic
Keywords:
Status: CLOSED DUPLICATE of bug 2016446
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.7
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Andrew Stoycos
QA Contact: Anurag saxena
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-12-15 14:47 UTC by Andy Bartlett
Modified: 2022-01-06 21:38 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-01-06 21:38:58 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Andy Bartlett 2021-12-15 14:47:45 UTC 
Description of problem:
I have a customer that has an issue that network policies are not blocking egress traffic. They have one deployment in which the egress network policy is not applied to new pods, but when the network policies are removed and recreated they work.

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. Create Namespace
2. Create NetworkPolicies
3. Create Statefulset.
4. Start a shell in a statefulset Pod and try to bypass the networkpolices, for example:
   'curl https://www.google.nl'.
   Result: you reach the google website

5. Delete Networkpolicies.
6. Create Networkpolices
7. Start a shell in a statefulset Pod and try to bypass the networkpolices, for example:
   'curl https://www.google.nl'.
   Result: you can NOT reach the google website (edited) 

Actual results:
In the first steps (1 to 4) you can access the internet, this is wrong !!!

Expected results:
You should not be able to reach the internet in the first steps above (1 to 4)


Additional info:
Note You need to log in before you can comment on or make changes to this bug.