bug: network policies break internal cluster communication on OpenShift #26
Description
Describe the bug
The network policies that are created by the kcp-dns deployments for each workspace break intra-cluster communication on OpenShift, with the following errors in the kcp-dns-xxx deployments:
[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. A: read udp 10.131.1.59:50962->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. AAAA: read udp 10.131.1.59:50318->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. A: read udp 10.131.1.59:40727->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc.cluster.local. AAAA: read udp 10.131.1.59:35334->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. A: read udp 10.131.1.59:57903->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. AAAA: read udp 10.131.1.59:37753->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. A: read udp 10.131.1.59:58677->172.30.0.10:53: i/o timeout
[ERROR] plugin/errors: 2 kaoto-backend-svc. AAAA: read udp 10.131.1.59:58091->172.30.0.10:53: i/o timeout
Steps To Reproduce
- Create a sync target that points to an OpenShift cluster
- Deploy the syncer components on that OpenShift cluster
- Create a namespace that's scheduled in that OpenShift cluster
- Create a deployment that resolves hostnames internal to the cluster
Expected Behaviour
The network policies should be compatible with OpenShift internal networking.
Additional Context
Deleting the network policies fixes the issue.