Move ipset restore outside policy loop

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Brad Davidson 2023-09-15 16:43:28 +00:00 committed by Aaron U'Ren
parent e34ef29fe2
commit b06b4f05c3


@ -112,8 +112,7 @@ func (npc *NetworkPolicyController) syncNetworkPolicyChains(networkPoliciesInfo
} }
} }
for ipFamily, ipset := range npc.ipSetHandlers { for ipFamily := range npc.ipSetHandlers {
ipFamily := ipFamily
// ensure there is a unique chain per network policy in filter table // ensure there is a unique chain per network policy in filter table
policyChainName := networkPolicyChainName(policy.namespace, policy.name, version, ipFamily) policyChainName := networkPolicyChainName(policy.namespace, policy.name, version, ipFamily)
@ -143,7 +142,11 @@ func (npc *NetworkPolicyController) syncNetworkPolicyChains(networkPoliciesInfo
} }
activePolicyIPSets[targetSourcePodIPSetName] = true activePolicyIPSets[targetSourcePodIPSetName] = true
} }
}
}
for ipFamily, ipset := range npc.ipSetHandlers {
ipFamily := ipFamily
restoreStart := time.Now() restoreStart := time.Now()
err := ipset.Restore() err := ipset.Restore()
restoreEndTime := time.Since(restoreStart) restoreEndTime := time.Since(restoreStart)
@ -164,7 +167,6 @@ func (npc *NetworkPolicyController) syncNetworkPolicyChains(networkPoliciesInfo
return nil, nil, fmt.Errorf("failed to perform ipset restore: %w", err) return nil, nil, fmt.Errorf("failed to perform ipset restore: %w", err)
} }
} }
}
klog.V(2).Infof("Iptables chains in the filter table are synchronized with the network policies.") klog.V(2).Infof("Iptables chains in the filter table are synchronized with the network policies.")
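Review bot: The error returned from the relocated restore loop, `failed to perform ipset restore: %w`, does not say which IP family failed, and the early return skips any handlers not yet visited. Since `ipFamily` is in scope there, `return nil, nil, fmt.Errorf("failed to perform ipset restore for %v: %w", ipFamily, err)` would let an operator tell from the log which family's sets may be stale relative to the policy chains. If `npc.ipSetHandlers` is a map, iteration order is not fixed, so the family left unrestored after a failure can differ between runs; a one-line comment above the loop saying so would help. The `ipFamily := ipFamily` copy added in this loop looks unnecessary unless a closure in the lines not shown captures it. syncNetworkPolicyChains starts and ends outside the visible hunks.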