Our current handling of network policies is that we on OpenShift 3.11 and higher, we cover the access to Zookeeper 2181 port is allowed from all namespaces from pods with label strimzi.io/kind=cluster-operator. However, it turns out that while the Kubernetes API in OCP 3.11 supports this, the network policy SDN plugin does not and that makes the whole thing not working.

To work around this, we should just allow the access tot he 2181 port on OpenShift 3.11 from everywhere. The same should be done on earlier versions. On OpenShfit 4.0 and Kubernetes 1.11+ the network policy should be done as it is right now.