Pods unexpectedly stop calling service IP hosted in same namespace when using Network Policy

Solution Verified - Updated -

Issue

  • In a namespace with Network Policy rules enabled, including an allow-from-same-namespace policy, pods behave differently from one another when calling service IPs hosted in the same namespace.

    • For instance:
      Deployment1 with two pods (A/B) exists in one namespace.
      Deployment2 with 1 pod hosting a service and route exists in the same namespace.
      Pod A unexpectedly stops being able to call the service IP of Deployment2; Pod B never loses access to the service IP of Deployment2.
  • Pods intermittently fail to reach internal service addresses, but can otherwise be interacted with and can reach upstream/external addresses, including routes on the cluster.

Environment

  • Red Hat OpenShift Container Platform (RHOCP)

    • 4
  • OVN-Kubernetes
