Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NetworkPolicyAdmissionRule should only exclude the contents of the same manifest. #45

Open
chez-shanpu opened this issue Dec 23, 2024 · 0 comments
Open

NetworkPolicyAdmissionRule should only exclude the contents of the same manifest. #45

chez-shanpu opened this issue Dec 23, 2024 · 0 comments
Assignees
@chez-shanpu
Labels
bug Something isn't working

Comments

@chez-shanpu
Copy link

Describe the bug
When excludeLables in NetworkPolicyAdmissionRule is set, the specified namespace excludes from not only the forbidden rules in the same manifest but also all the other ones.

To Reproduce

  1. Create a NetworkPolicyAdmissionRule like below to the e2e cluster
apiVersion: tenet.cybozu.io/v1beta2
kind: NetworkPolicyAdmissionRule
metadata:
    name: exclude-only-npar
spec:
    namespaceSelector:
      excludeLabels:
        team: tenant
  1. Run e2e and it will fail at [It] should reject a CiliumNetworkPolicy with forbidden IP

Expected behavior
excludeLabels should only affects to the same manifest.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chez-shanpu chez-shanpu

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chez-shanpu