Description of problem: Can not delete egressnetworkpolicy in Foreground propagation Version-Release number of selected component (if applicable): OpenShift 4.8.18 How reproducible: 100% Steps to Reproduce: 1. $ oc new-project test-ping 2. $ cat networkpolicy.yaml apiVersion: network.openshift.io/v1 kind: EgressNetworkPolicy metadata: name: deny-by-default namespace: test-ping spec: egress: - to: cidrSelector: 0.0.0.0/0 type: Deny 3. $ oc apply -f networkpolicy.yaml 4. $ oc delete --cascade=foreground egressnetworkpolicy deny-by-default Actual results: The deny-by-default EgressNetworkPolicy will exist forever Expected results: The dependents of the EgressNetworkPolicy CR should be deleted and EgressNetworkPolicy should disappear. Additional info: In GitOps by default it uses Foreground propagation policy so this is causing problems in OpenShift GitOps.
yes, I can reproduce this issue on 4.10 version also. below is with loglevel=8 $ oc delete --cascade=foreground egressnetworkpolicy deny-by-default --loglevel=8 I0114 10:14:25.132918 9584 loader.go:372] Config loaded from file: /home/zzhao/kubeconfig I0114 10:14:25.143425 9584 request.go:1181] Request Body: {"propagationPolicy":"Foreground"} I0114 10:14:25.143508 9584 round_trippers.go:432] DELETE https://api.zzhaom112.qe.devcluster.openshift.com:6443/apis/network.openshift.io/v1/namespaces/test-ping/egressnetworkpolicies/deny-by-default I0114 10:14:25.143522 9584 round_trippers.go:438] Request Headers: I0114 10:14:25.143531 9584 round_trippers.go:442] Content-Type: application/json I0114 10:14:25.143539 9584 round_trippers.go:442] User-Agent: oc/4.9.0 (linux/amd64) kubernetes/c456714 I0114 10:14:25.143550 9584 round_trippers.go:442] Accept: application/json I0114 10:14:25.921836 9584 round_trippers.go:457] Response Status: 200 OK in 778 milliseconds I0114 10:14:25.921871 9584 round_trippers.go:460] Response Headers: I0114 10:14:25.921892 9584 round_trippers.go:463] Audit-Id: 43b10172-e748-4910-b435-a0d4380e1dff I0114 10:14:25.921901 9584 round_trippers.go:463] Cache-Control: no-cache, private I0114 10:14:25.921910 9584 round_trippers.go:463] Content-Type: application/json I0114 10:14:25.921920 9584 round_trippers.go:463] X-Kubernetes-Pf-Flowschema-Uid: ee106863-987a-4e4a-b750-8afb91a7f1ef I0114 10:14:25.921929 9584 round_trippers.go:463] X-Kubernetes-Pf-Prioritylevel-Uid: 2697f45c-769c-4c1e-89e1-733b4722acf4 I0114 10:14:25.921939 9584 round_trippers.go:463] Content-Length: 648 I0114 10:14:25.921946 9584 round_trippers.go:463] Date: Fri, 14 Jan 2022 02:14:25 GMT I0114 10:14:25.921983 9584 request.go:1181] Response Body: {"apiVersion":"network.openshift.io/v1","kind":"EgressNetworkPolicy","metadata":{"creationTimestamp":"2022-01-14T02:14:03Z","deletionGracePeriodSeconds":0,"deletionTimestamp":"2022-01-14T02:14:25Z","finalizers":["foregroundDeletion"],"generation":2,"managedFields":[{"apiVersion":"network.openshift.io/v1","fieldsType":"FieldsV1","fieldsV1":{"f:spec":{".":{},"f:egress":{}}},"manager":"kubectl-create","operation":"Update","time":"2022-01-14T02:14:03Z"}],"name":"deny-by-default","namespace":"test-ping","resourceVersion":"355923","uid":"141c5c67-9fd9-45ed-adce-49a10d89c40a"},"spec":{"egress":[{"to":{"cidrSelector":"0.0.0.0/0"},"type":"Deny"}]}} egressnetworkpolicy.network.openshift.io "deny-by-default" deleted I0114 10:14:25.922258 9584 round_trippers.go:432] GET https://api.zzhaom112.qe.devcluster.openshift.com:6443/apis/network.openshift.io/v1/namespaces/test-ping/egressnetworkpolicies?fieldSelector=metadata.name%3Ddeny-by-default I0114 10:14:25.922272 9584 round_trippers.go:438] Request Headers: I0114 10:14:25.922293 9584 round_trippers.go:442] Accept: application/json I0114 10:14:25.922302 9584 round_trippers.go:442] User-Agent: oc/4.9.0 (linux/amd64) kubernetes/c456714 I0114 10:14:26.173413 9584 round_trippers.go:457] Response Status: 200 OK in 251 milliseconds I0114 10:14:26.173435 9584 round_trippers.go:460] Response Headers: I0114 10:14:26.173443 9584 round_trippers.go:463] Audit-Id: 3fcde551-b2b8-411a-ae2c-6362d1886079 I0114 10:14:26.173450 9584 round_trippers.go:463] Cache-Control: no-cache, private I0114 10:14:26.173455 9584 round_trippers.go:463] Content-Type: application/json I0114 10:14:26.173461 9584 round_trippers.go:463] X-Kubernetes-Pf-Flowschema-Uid: ee106863-987a-4e4a-b750-8afb91a7f1ef I0114 10:14:26.173485 9584 round_trippers.go:463] X-Kubernetes-Pf-Prioritylevel-Uid: 2697f45c-769c-4c1e-89e1-733b4722acf4 I0114 10:14:26.173508 9584 round_trippers.go:463] Content-Length: 786 I0114 10:14:26.173518 9584 round_trippers.go:463] Date: Fri, 14 Jan 2022 02:14:26 GMT I0114 10:14:26.173571 9584 request.go:1181] Response Body: {"apiVersion":"network.openshift.io/v1","items":[{"apiVersion":"network.openshift.io/v1","kind":"EgressNetworkPolicy","metadata":{"creationTimestamp":"2022-01-14T02:14:03Z","deletionGracePeriodSeconds":0,"deletionTimestamp":"2022-01-14T02:14:25Z","finalizers":["foregroundDeletion"],"generation":2,"managedFields":[{"apiVersion":"network.openshift.io/v1","fieldsType":"FieldsV1","fieldsV1":{"f:spec":{".":{},"f:egress":{}}},"manager":"kubectl-create","operation":"Update","time":"2022-01-14T02:14:03Z"}],"name":"deny-by-default","namespace":"test-ping","resourceVersion":"355923","uid":"141c5c67-9fd9-45ed-adce-49a10d89c40a"},"spec":{"egress":[{"to":{"cidrSelector":"0.0.0.0/0"},"type":"Deny"}]}}],"kind":"EgressNetworkPolicyList","metadata":{"continue":"","resourceVersion":"355926"}} I0114 10:14:26.173955 9584 round_trippers.go:432] GET https://api.zzhaom112.qe.devcluster.openshift.com:6443/apis/network.openshift.io/v1/namespaces/test-ping/egressnetworkpolicies?fieldSelector=metadata.name%3Ddeny-by-default&resourceVersion=355926&watch=true I0114 10:14:26.173981 9584 round_trippers.go:438] Request Headers: I0114 10:14:26.173995 9584 round_trippers.go:442] Accept: application/json I0114 10:14:26.174007 9584 round_trippers.go:442] User-Agent: oc/4.9.0 (linux/amd64) kubernetes/c456714 I0114 10:14:26.436456 9584 round_trippers.go:457] Response Status: 200 OK in 262 milliseconds I0114 10:14:26.436478 9584 round_trippers.go:460] Response Headers: I0114 10:14:26.436499 9584 round_trippers.go:463] Date: Fri, 14 Jan 2022 02:14:26 GMT I0114 10:14:26.436513 9584 round_trippers.go:463] Audit-Id: d438d0ad-e43c-4c38-b85a-bacc0629d496 I0114 10:14:26.436527 9584 round_trippers.go:463] Cache-Control: no-cache, private I0114 10:14:26.436540 9584 round_trippers.go:463] Content-Type: application/json I0114 10:14:26.436554 9584 round_trippers.go:463] X-Kubernetes-Pf-Flowschema-Uid: ee106863-987a-4e4a-b750-8afb91a7f1ef I0114 10:14:26.436569 9584 round_trippers.go:463] X-Kubernetes-Pf-Prioritylevel-Uid: 2697f45c-769c-4c1e-89e1-733b4722acf4
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.9.19 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:0340