-
Notifications
You must be signed in to change notification settings - Fork 305
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NetworkPolicy with matchExpressions is not applied to matching pods #2006
Comments
Hi minrk, AKS bot here 👋 I might be just a bot, but I'm told my suggestions are normally quite good, as such:
|
Triage required from @Azure/aks-pm |
Action required from @Azure/aks-pm |
Issue needing attention of @Azure/aks-leads |
7 similar comments
Issue needing attention of @Azure/aks-leads |
Issue needing attention of @Azure/aks-leads |
Issue needing attention of @Azure/aks-leads |
Issue needing attention of @Azure/aks-leads |
Issue needing attention of @Azure/aks-leads |
Issue needing attention of @Azure/aks-leads |
Issue needing attention of @Azure/aks-leads |
@minrk have you upgraded your cluster? If not, can you upgrade to the the latest and try the config again? |
Triage required from @Azure/aks-pm |
@miwithro we had to teardown our cluster and start again with calico, which has the right behavior. We no longer have a cluster with azure-npm to test with. |
What happened:
NetworkPolicy with matchExpressions is not applied to matching pods
What you expected to happen:
NetworkPolicy with matchExpressions is applied to matching pods
How to reproduce it (as minimally and precisely as possible):
I used this policy to deny-all egress:
and tested with
curl https://example.com
. It should be blocked. If the policy is applied, it is blocked. If the policy is not applied, it is not blocked. Interestingly, ifmatchExpressions
values list has only one item, it is applied correctly. But if there are two or more items, matching pods are not considered to be matching pods, and no restrictions are applied. matchLabels and other selectors are applying as expected.Anything else we need to know?:
Environment:
kubectl version
): v1.16.10original discovery of the issue: jupyterhub/mybinder.org-deploy#1468
The text was updated successfully, but these errors were encountered: