Aaron U'Ren 13e0a39800 fix(NPC): check if pod is actionable
Check if the Pod is actionable before taking NetworkPolicy actions, which
include adding both the KUBE-POD-FW and KUBE-NWPLCY chains for it.

The checks have now been consolidated into a single isNetPolActionable()
function, which excludes pods in phases that we don't want NetworkPolicy
for (Failed, Completed, and Succeeded), pods with no IP address, and pods
with HostNetwork enabled.

fixes #1056
2021-06-01 10:42:42 -05:00


package netpol
import (
"fmt"
"regexp"
"strconv"
api "k8s.io/api/core/v1"
)
// PodCompleted is an extra phase value that isFinished treats as terminal,
// alongside the Failed and Succeeded phases declared in core/v1. No
// "Completed" phase constant is declared in core/v1 itself (kubectl prints
// "Completed" as a display status), so this is a defensive match rather than
// a value the API server is expected to set.
const PodCompleted api.PodPhase = "Completed"
// isNetPolActionable reports whether pod should receive NetworkPolicy
// handling (KUBE-POD-FW / KUBE-NWPLCY chains). A pod is skipped when it has
// reached a terminal phase (see isFinished), when it has not been assigned a
// pod IP yet, or when it runs with hostNetwork — such a pod uses the node's
// network namespace, so per-pod rules keyed on its IP would match the node's
// own traffic rather than an isolated workload.
func isNetPolActionable(pod *api.Pod) bool {
	if isFinished(pod) {
		return false
	}
	if pod.Status.PodIP == "" {
		return false
	}
	return !pod.Spec.HostNetwork
}
// isFinished reports whether pod is in a terminal phase — Failed, Succeeded,
// or the locally declared PodCompleted — i.e. a pod whose firewall chains no
// longer need to be created or kept.
func isFinished(pod *api.Pod) bool {
	phase := pod.Status.Phase
	return phase == api.PodFailed || phase == api.PodSucceeded || phase == PodCompleted
}
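// nodePortRangeRE accepts exactly two runs of ASCII digits separated by ':'
// or '-', anchored to the whole string. Compiled once at package scope rather
// than on every call.
var nodePortRangeRE = regexp.MustCompile(`^([0-9]+)[:-]([0-9]+)$`)

// validateNodePortRange parses a node port range option of the form
// "<low>:<high>" or "<low>-<high>" and returns it canonicalized as
// "<low>:<high>", with both ends re-rendered from the parsed integers.
//
// Both ends must fit in 16 bits and low must be strictly less than high;
// anything else yields an empty string and a descriptive error. Because the
// result is rebuilt from the parsed values, nothing of the caller-supplied
// string survives verbatim — whatever consumes the range downstream receives
// only decimal digits and a single ':'.
func validateNodePortRange(nodePortOption string) (string, error) {
	// FindStringSubmatch returns nil when the pattern does not match, so a
	// separate MatchString pass is redundant; with two capture groups a
	// successful match always yields three entries.
	matches := nodePortRangeRE.FindStringSubmatch(nodePortOption)
	if matches == nil {
		return "", fmt.Errorf("failed to parse node port range given: '%s' please see specification in help text", nodePortOption)
	}
	// bitSize 16 makes ParseUint reject anything above 65535.
	port1, err := strconv.ParseUint(matches[1], 10, 16)
	if err != nil {
		return "", fmt.Errorf("could not parse first port number from range given: '%s': %w", nodePortOption, err)
	}
	port2, err := strconv.ParseUint(matches[2], 10, 16)
	if err != nil {
		return "", fmt.Errorf("could not parse second port number from range given: '%s': %w", nodePortOption, err)
	}
	if port1 >= port2 {
		return "", fmt.Errorf("port 1 is greater than or equal to port 2 in range given: '%s'", nodePortOption)
	}
	return strconv.FormatUint(port1, 10) + ":" + strconv.FormatUint(port2, 10), nil
}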