BCDevOps / OpenShift4-Migration

Scripts and info for Ministry teams migration from OpenShift 3.11 to 4.x
Apache License 2.0

Why can't my application on OCP4 talk to SSO on OCP3? #5

Closed jleach closed 2 years ago

jleach commented 3 years ago

TL;DR

The current Pathfinder cluster on OCP3.11 is considered an external system to the new OCP4 Silver cluster. As a result, Aporeto needs you to grant permission for your Pod(s) to talk to said external system.

Talking to External System

Your newly minted namespace on OCP4 comes with the bare minimum Network Security Policy (NSP); it's just enough for very common tasks that every pod needs, like, for example, talking to the Kubernetes API. Anything beyond this requires you to grant permission. You do this by writing NSP. In this case, you need to do two things:

  1. Create an External Network exposing ports 80 and 443.
  2. Create NSP to let your Pod(s) talk to this External Network.

Here is a PR against some existing NSP to do (1) and (2) above. In that example my API has a label role=api and I use that to help identify what is permitted to talk to the external network:

```yaml
# spec fragment of the NetworkSecurityPolicy from the PR
source:
  - - '$namespace=${NAMESPACE}'
    - 'role=api'
destination:
  - - 'ext:name=all-things-external'
```
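A complete version of both objects from steps (1) and (2), as an added example rather than the PR the comment links to. It is written as an OpenShift Template so that the `${NAMESPACE}` parameter used in the snippet above can be filled in with `oc process`. The `apiVersion`, the `ExternalNetwork` kind and its `entries`/`servicePorts` fields are assumptions taken from the Silver cluster's NSP documentation, not from this page, and the CIDR is a placeholder: it should be narrowed to the address range that actually exposes the OCP3 SSO endpoint rather than left open to every host on ports 80 and 443.

```yaml
# Added example: ExternalNetwork + NetworkSecurityPolicy for the two steps in
# the comment above. apiVersion, kind and field names are assumptions based on
# the platform's NSP docs; nothing here is copied from the referenced PR.
apiVersion: template.openshift.io/v1
kind: Template
metadata:
  name: api-to-external-nsp
parameters:
  - name: NAMESPACE
    description: Namespace the api pods run in (supplied with oc process -p)
    required: true
objects:
  # Step 1: describe the external system (the OCP3 Pathfinder cluster) and
  # the ports that may be reached on it.
  - apiVersion: security.devops.gov.bc.ca/v1alpha1
    kind: ExternalNetwork
    metadata:
      name: all-things-external
      namespace: ${NAMESPACE}
    spec:
      description: |
        Hosts outside the OCP4 cluster that the api may reach (SSO on OCP3)
      entries:
        # PLACEHOLDER: 0.0.0.0/0 permits any address on the listed ports.
        # Replace it with the narrowest CIDR covering the OCP3 SSO endpoint.
        - 0.0.0.0/0
      servicePorts:
        - tcp/80
        - tcp/443
  # Step 2: allow only pods labelled role=api in this namespace to talk to it;
  # every other pod in the namespace stays blocked by the default policy.
  - apiVersion: security.devops.gov.bc.ca/v1alpha1
    kind: NetworkSecurityPolicy
    metadata:
      name: api-to-all-things-external
      namespace: ${NAMESPACE}
    spec:
      description: |
        Allow the api pods to reach the all-things-external network
      source:
        - - '$namespace=${NAMESPACE}'
          - 'role=api'
      destination:
        - - 'ext:name=all-things-external'
```

Apply it with `oc process -f nsp-template.yaml -p NAMESPACE=<your-namespace> | oc apply -f -`, then confirm both objects exist with `oc get externalnetwork,networksecuritypolicy -n <your-namespace>`. Because the policy matches on labels, a pod that lacks `role=api` is still denied; `oc get pods -l role=api -n <your-namespace>` is the quickest way to see which pods the rule actually covers.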