Network Policy and Router Sharding in non-default namespace using --host-network=true blocks the traffic

Solution Verified - Updated -

Issue

  • Our routers aren't in the default namespace, as we create specific router namespaces for specific application zones. Each router is bound to the node's network interface and is exposing and listening on different ports. The routers are deployed with --host-network=true and use this kind of configuration, with corresponding permissions. The problem is, it doesn't work at all. We're getting no connection between our routers and our services/pods when using Network Policy.
  • When a router shard is deployed in a non-default namespace with the default router option --host-network=true, and a Network Policy that should allow traffic between namespaces is then applied, traffic from the router shard namespace is blocked.

Environment

  • Red Hat OpenShift Container Platform 3, 4
