Description of problem:
We have a setup where all ingress & egress traffic is denied as default in our OCP clusters.
We then add specific network policies to only allow expected traffic, including a default egress network policy to allow access to api server by referencing endpoints of Kubernetes service in default namespace.
Strangely, this rule seems to be taken into account very sporadically: in the same namespace, without touching this policy, sometimes access to api is working, sometimes it is not, without any actions on the network policies.
When traffic is blocked, audit logs (ACL events) are clearly showing traffic to kubernetes api as dropped despite the existing network policy.

Version-Release number of selected component (if applicable):
4.10.13

How reproducible:
Always

Steps to Reproduce:
1. setup ingress & egress traffic is denied as default
2. add specific network policies to only allow expected traffic, including a default egress network policy to allow access to api server by referencing endpoints of Kubernetes service in default namespace
3. rule seems to be taken into account very sporadically

Actual results:
rule seems to be taken into account very sporadically

OVN error:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x171a49d]

Expected results:
Network Policy would be added

Additional info:
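A triage check for the symptom described above, added here as an example and not taken from the report or from OVN-Kubernetes: it confirms that an egress policy really covers every current endpoint of the `kubernetes` service, so that drops logged despite a covering policy can be attributed to the network plugin rather than to the policy. It assumes the policy references the endpoints through `ipBlock` peers with numeric ports; the dictionaries mirror the JSON form of the Endpoints and NetworkPolicy objects, and all addresses, ports and function names are constructed for the example.

```python
import ipaddress

# Constructed sample objects (documentation-range IPs, not values from the report).
ENDPOINTS = {"subsets": [{
    "addresses": [{"ip": "192.0.2.10"}, {"ip": "192.0.2.11"}, {"ip": "192.0.2.12"}],
    "ports": [{"name": "https", "port": 6443, "protocol": "TCP"}],
}]}
POLICY = {"spec": {"podSelector": {}, "policyTypes": ["Egress"], "egress": [{
    "to": [{"ipBlock": {"cidr": "192.0.2.10/32"}},
           {"ipBlock": {"cidr": "192.0.2.11/32"}}],
    "ports": [{"protocol": "TCP", "port": 6443}],
}]}}


def endpoint_targets(endpoints):
    """Yield (ip, port, protocol) for each address/port pair of an Endpoints object."""
    for subset in endpoints.get("subsets", []):
        for addr in subset.get("addresses", []):
            for port in subset.get("ports", []):
                yield addr["ip"], port["port"], port.get("protocol", "TCP")


def rule_allows(rule, ip, port, proto):
    """True if one egress rule permits ip:port/proto (ipBlock peers, numeric ports)."""
    ports = rule.get("ports")
    if ports and not any(
            p.get("protocol", "TCP") == proto and
            ("port" not in p or p["port"] <= port <= p.get("endPort", p["port"]))
            for p in ports):
        return False
    peers = rule.get("to")
    if not peers:
        return True  # a rule without "to" allows every destination
    target = ipaddress.ip_address(ip)
    for peer in peers:
        block = peer.get("ipBlock")  # selector peers are not evaluated in this example
        if block and target in ipaddress.ip_network(block["cidr"]) and not any(
                target in ipaddress.ip_network(e) for e in block.get("except", [])):
            return True
    return False


def uncovered(endpoints, policy):
    """Return the API server targets that no egress rule of the policy allows."""
    rules = policy["spec"].get("egress", [])
    return [t for t in endpoint_targets(endpoints)
            if not any(rule_allows(r, *t) for r in rules)]


if __name__ == "__main__":
    print(uncovered(ENDPOINTS, POLICY))
```

An empty result while the ACL audit log still shows drops to the API server means the policy content is not the cause.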
*** This bug has been marked as a duplicate of bug 2091238 ***
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days