Baremetal OpenShift 4.2.0
$ oc version
Client Version: openshift-clients-4.3.0-201909231341
Server Version: 4.2.0
Kubernetes Version: v1.14.6+2e5ed54
oc new-project np-test
oc new-app nginx-example
oc logs -f bc/nginx-example
# After build is done
oc scale dc/nginx-example --replicas=2
oc create -f - <<EOF
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
name: deny-by-default
spec:
podSelector: {}
policyTypes:
- Ingress
EOF
oc get pods -o wide -l app=nginx-example
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-example-1-ls67j 1/1 Running 0 6d1h 10.131.0.14 compute-0 <none> <none>
nginx-example-1-ssqnf 1/1 Running 0 38s 10.128.0.33 compute-1 <none> <none>
$ oc rsh nginx-example-1-ls67j curl -I http://10.131.0.14:8080/
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Sun, 17 Nov 2019 17:41:36 GMT
Content-Type: text/html
Content-Length: 37451
Last-Modified: Mon, 11 Nov 2019 16:14:50 GMT
Connection: keep-alive
ETag: "5dc988fa-924b"
Accept-Ranges: bytes
$ oc rsh nginx-example-1-ls67j curl -I http://10.128.0.33:8080/
$
| Source | Target | Expected result | Result |
|---|---|---|---|
| pod on compute-0 | pod on compute-0 | FAIL | PASS |
| pod on compute-0 | pod on compute-1 | FAIL | FAIL |
oc rsh nginx-example-1-ls67j cat /proc/net/fib_trie | grep "|--" | egrep -v "0.0.0.0| 127."
|-- 10.128.0.0
|-- 10.131.0.0
|-- 10.131.0.14
|-- 10.131.1.255
|-- 172.30.0.0
|-- 224.0.0.0
|-- 10.128.0.0
|-- 10.131.0.0
|-- 10.131.0.14
|-- 10.131.1.255
|-- 172.30.0.0
|-- 224.0.0.0
10.131.0.14 is at the end "localhost"