Automated cherry pick of #5687: Fix NP not working on Hairpin #5701

GraysonWu · 2023-11-13T18:42:30Z

Cherry pick of #5687 on release-1.14.

#5687: Fix NP not working on Hairpin

For details on the cherry pick process, see the cherry pick requests page.

Fix antrea-io#5681 Network policy didn't work when using a server Pod to establish a connection to the service provided by itself. This hairpin service connection initiated through a local Pod will be SNATed to the gateway IP, which will prevent it from being correctly categorized by the network policy during the Ingress rule enforcement. This commit added a bypass flow to always allow the hairpin service connection to address this issue. Given we don't consider self-access blocking to be a valid case. Signed-off-by: graysonwu <wgrayson@vmware.com>

tnqn · 2023-11-14T14:47:06Z

/skip-all

GraysonWu added the kind/cherry-pick Categorizes issue or PR as related to the cherry-pick of a bug fix from the main branch to a release label Nov 13, 2023

GraysonWu requested a review from tnqn November 13, 2023 20:46

tnqn approved these changes Nov 14, 2023

View reviewed changes

tnqn merged commit ce28710 into antrea-io:release-1.14 Nov 14, 2023
48 of 55 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Automated cherry pick of #5687: Fix NP not working on Hairpin #5701

Automated cherry pick of #5687: Fix NP not working on Hairpin #5701

GraysonWu commented Nov 13, 2023

tnqn commented Nov 14, 2023

Automated cherry pick of #5687: Fix NP not working on Hairpin #5701

Automated cherry pick of #5687: Fix NP not working on Hairpin #5701

Conversation

GraysonWu commented Nov 13, 2023

tnqn commented Nov 14, 2023