use createGenericHashIPSet
thomasferrandiz authored and aauren committed Oct 7, 2023
1 parent b3dcaa0 commit 76e5d20
Showing 1 changed file with 4 additions and 11 deletions.
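--- a/pkg/controllers/netpol/policy.go
+++ b/pkg/controllers/netpol/policy.go
@@ -89,7 +89,6 @@ func (npc *NetworkPolicyController) syncNetworkPolicyChains(networkPoliciesInfo
 activePolicyChains := make(map[string]bool)
 activePolicyIPSets := make(map[string]bool)
 
-// for ipFamily, ipset := range npc.ipSetHandlers {
 // run through all network policies
 for _, policy := range networkPoliciesInfo {
 
@@ -116,11 +115,8 @@ func (npc *NetworkPolicyController) syncNetworkPolicyChains(networkPoliciesInfo
 if policy.policyType == kubeBothPolicyType || policy.policyType == kubeIngressPolicyType {
 // create a ipset for all destination pod ip's matched by the policy spec PodSelector
 targetDestPodIPSetName := policyDestinationPodIPSetName(policy.namespace, policy.name, ipFamily)
-setEntries := make([][]string, 0)
-for _, podIP := range currentPodIPs[ipFamily] {
-setEntries = append(setEntries, []string{podIP, utils.OptionTimeout, "0"})
-}
-ipset.RefreshSet(targetDestPodIPSetName, setEntries, utils.TypeHashIP)
+npc.createGenericHashIPSet(targetDestPodIPSetName, utils.TypeHashIP, currentPodIPs[ipFamily], ipFamily)
+
 if err := npc.processIngressRules(policy,
 targetDestPodIPSetName, activePolicyIPSets, version, ipFamily); err != nil {
 return nil, nil, err
@@ -130,11 +126,8 @@ func (npc *NetworkPolicyController) syncNetworkPolicyChains(networkPoliciesInfo
 if policy.policyType == kubeBothPolicyType || policy.policyType == kubeEgressPolicyType {
 // create a ipset for all source pod ip's matched by the policy spec PodSelector
 targetSourcePodIPSetName := policySourcePodIPSetName(policy.namespace, policy.name, ipFamily)
-setEntries := make([][]string, 0)
-for _, podIP := range currentPodIPs[ipFamily] {
-setEntries = append(setEntries, []string{podIP, utils.OptionTimeout, "0"})
-}
-ipset.RefreshSet(targetSourcePodIPSetName, setEntries, utils.TypeHashIP)
+npc.createGenericHashIPSet(targetSourcePodIPSetName, utils.TypeHashIP, currentPodIPs[ipFamily], ipFamily)
+
 if err := npc.processEgressRules(policy,
 targetSourcePodIPSetName, activePolicyIPSets, version, ipFamily); err != nil {
 return nil, nil, err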
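Review bot: The two new `npc.createGenericHashIPSet(...)` calls, in the ingress hunk and again in the egress hunk, are bare statements, so nothing that goes wrong inside the helper can reach this function, while the `processIngressRules` / `processEgressRules` call right after each one does propagate its error. The helper's body is not part of this diff, so it should be confirmed that it still writes every entry with `utils.OptionTimeout, "0"` as the removed loop did, and that an `ipFamily` it cannot serve is at least logged rather than leaving the pod set empty or stale. These sets decide which pod IPs a NetworkPolicy applies to, so a silent divergence changes what is enforced. A short comment above each call, for example `// helper is expected to add entries with timeout 0, as the inlined loop did`, would record the assumption. syncNetworkPolicyChains starts and ends outside the hunks shown.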
