mirrors/kube-router
1
0
Fork 0
mirror of https://github.com/cloudnativelabs/kube-router.git synced 2025-11-19 03:51:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

syncPodFirewallChains: loop on all NodeIp

Browse Source 
to find the pods running on a given Node
- Load PodIp in podInfo struct and use it instead of pod.ips[0].IP
This commit is contained in:
Thomas Ferrandiz 2022-08-01 15:23:17 +00:00 committed by Aaron U'Ren
parent 92e91df9d2
commit 4256a60705
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pkg/controllers/netpol/network_policy_controller.go
View File

@ -111,6 +111,7 @@ type networkPolicyInfo struct {
// internal structure to represent Pod // internal structure to represent Pod
type podInfo struct { type podInfo struct {
ip string
ips []v1core.PodIP ips []v1core.PodIP
name string name string
namespace string namespace string

8
pkg/controllers/netpol/pod.go
View File

@ -108,7 +108,6 @@ func (npc *NetworkPolicyController) syncPodFirewallChains(networkPoliciesInfo []
allLocalPods := make(map[string]podInfo) allLocalPods := make(map[string]podInfo)
for _, nodeIP := range npc.nodeIPs { for _, nodeIP := range npc.nodeIPs {
npc.getLocalPods(allLocalPods, nodeIP.String()) npc.getLocalPods(allLocalPods, nodeIP.String())
break
} }
for _, pod := range allLocalPods { for _, pod := range allLocalPods {
@ -161,8 +160,7 @@ func (npc *NetworkPolicyController) setupPodNetpolRules(pod podInfo, podFwChainN
} }
// add entries in pod firewall to run through applicable network policies // add entries in pod firewall to run through applicable network policies
for _, policy := range networkPoliciesInfo { for _, policy := range networkPoliciesInfo {
// TODO: Take the ipv4 address, pod.ips[0] is not good if _, ok := policy.targetPods[pod.ip]; !ok {
if _, ok := policy.targetPods[pod.ips[0].IP]; !ok {
continue continue
} }
comment := "\"run through nw policy " + policy.name + "\"" comment := "\"run through nw policy " + policy.name + "\""
@ -305,7 +303,9 @@ func (npc *NetworkPolicyController) getLocalPods(localPods map[string]podInfo, n
if strings.Compare(pod.Status.HostIP, nodeIP) != 0 || !isNetPolActionable(pod) { if strings.Compare(pod.Status.HostIP, nodeIP) != 0 || !isNetPolActionable(pod) {
continue continue
} }
localPods[pod.Status.PodIP] = podInfo{ips: pod.Status.PodIPs, localPods[pod.Status.PodIP] = podInfo{
ip: pod.Status.PodIP,
ips: pod.Status.PodIPs,
name: pod.ObjectMeta.Name, name: pod.ObjectMeta.Name,
namespace: pod.ObjectMeta.Namespace, namespace: pod.ObjectMeta.Namespace,
labels: pod.ObjectMeta.Labels} labels: pod.ObjectMeta.Labels}