Network Policy and Router Sharding in non-default namespace using --host-network=true blocks the traffic
Issue
- Our routers aren't in the default namespace, as we create specific router namespaces for specific application zones. Each router is bound to the node's network interface and is exposing and listening on different ports. The routers are deployed with --host-network=true and use this kind of configuration, with corresponding permissions. The problem is, it doesn't work at all. We're getting no connection between our routers and our services/pods when using Network Policy.
- When deploying the router shard in a non-default namespace using the default router option --host-network=true, and then applying a Network Policy that should allow traffic between namespaces, traffic is blocked from the Router Shard namespace.
Environment
- Red Hat OpenShift Container Platform 3, 4