Merge pull request #1430 from rfredette/ocpbugs-84773-canary-netpol

OCPBUGS-84773: Allow host network connections to the ingress canary

Author: openshift-merge-bot[bot]

pkg/manifests/assets/canary/networkpolicy-allow.yaml

@@ -15,8 +15,13 @@ spec:
     - protocol: TCP
       port: 8443
     from:
+    # depending on topology, valid canary checks will either appear to come from
+    # the router's namespace or the host network.
     - namespaceSelector:
         matchLabels:
           kubernetes.io/metadata.name: openshift-ingress
+    - namespaceSelector:
+        matchLabels:
+          policy-group.network.openshift.io/host-network: ""
   policyTypes:
   - Ingress