From 7a0b18315f089a2bcc4157ba7cb3361836533038 Mon Sep 17 00:00:00 2001
From: Duan Jiong
Date: Thu, 21 May 2020 09:39:58 +0800
Subject: [PATCH] fix namespace networkpolicy add filter on namespace event func delete the code which do same work with namespace controller
Signed-off-by: Duan Jiong
---
.../network/nsnetworkpolicy/controller.go | 74 ++++++++++--------- pkg/controller/network/provider/ns_k8s.go | 2 - 2 files changed, 41 insertions(+), 35 deletions(-)
diff --git a/pkg/controller/network/nsnetworkpolicy/controller.go b/pkg/controller/network/nsnetworkpolicy/controller.go
index 8f0e9e02a..66307443c 100644
--- a/pkg/controller/network/nsnetworkpolicy/controller.go
+++ b/pkg/controller/network/nsnetworkpolicy/controller.go
@@ -3,6 +3,7 @@ package nsnetworkpolicy import ( "fmt" "net" + "sort" "strings" "time"
@@ -280,12 +281,10 @@ func (c *NSNetworkPolicyController) generateNodeRule() (netv1.NetworkPolicyIngre if snatIPs != "" { ips = append(ips, strings.Split(snatIPs, ";")...) } - - for _, address := range node.Status.Addresses { - ips = append(ips, address.Address) - } } + sort.Strings(ips) + for _, ip := range ips { cidr, err := stringToCIDR(ip) if err != nil {
@@ -339,15 +338,17 @@ func (c *NSNetworkPolicyController) nsEnqueue(ns *corev1.Namespace) { return } - klog.V(4).Infof("Enqueue namespace %s", ns.Name) + workspaceName := ns.Labels[constants.WorkspaceLabelKey] + if workspaceName == "" { + return + } + c.nsQueue.Add(key) } func (c *NSNetworkPolicyController) addWorkspace(newObj interface{}) { new := newObj.(*workspacev1alpha1.Workspace) - klog.V(4).Infof("Add workspace %s", new.Name) - label := labels.SelectorFromSet(labels.Set{constants.WorkspaceLabelKey: new.Name}) nsList, err := c.namespaceInformer.Lister().List(label) if err != nil {
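Review bot: In the generateNodeRule hunk, `sort.Strings(ips)` makes the rule order stable, but the list still reaches the loop unfiltered: `strings.Split(snatIPs, ";")` yields an empty entry for a trailing or doubled `;`, and duplicates survive the sort. These strings become peers of the ingress rule the function returns, so they deserve validation where they are read; `if ip = strings.TrimSpace(ip); ip == "" { continue }` at the top of the loop would skip the empty case. A comment should also state who is trusted to set the SNAT value on a Node, which appears to come from a node annotation, judging by the handler keyed on `NodeNSNPAnnotationKey` later in this patch. What the existing `err != nil` branch does with a bad entry lies outside the hunk, as do the start and end of generateNodeRule.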
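Review bot: The new early return in nsEnqueue skips a namespace that has no workspace label without leaving any trace, and the same hunk deletes the only V(4) line in that function. A namespace skipped here is never queued, so nothing in the log explains why it has no policy; I would keep a low-verbosity line before the `return`, for example `klog.V(4).Infof("skip namespace %s: no workspace label", ns.Name)`. The hunk at -411 in syncNs has the same silent `return nil` where an error used to be logged. nsEnqueue starts above this hunk.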
@@ -360,6 +361,18 @@ func (c *NSNetworkPolicyController) addWorkspace(newObj interface{}) { } } +func (c *NSNetworkPolicyController) addNode(newObj interface{}) { + nsList, err := c.namespaceInformer.Lister().List(labels.Everything()) + if err != nil { + klog.Errorf("Error while list namespace by label") + return + } + + for _, ns := range nsList { + c.nsEnqueue(ns) + } +} + func (c *NSNetworkPolicyController) addNamespace(obj interface{}) { ns := obj.(*corev1.Namespace)
@@ -368,8 +381,6 @@ func (c *NSNetworkPolicyController) addNamespace(obj interface{}) { return } - klog.V(4).Infof("Add namespace %s", ns.Name) - c.nsEnqueue(ns) }
@@ -381,17 +392,7 @@ func isNetworkIsolateEnabled(ns *corev1.Namespace) bool { return false } -func hadNamespaceLabel(ns *corev1.Namespace) bool { - if ns.Annotations[constants.NamespaceLabelKey] == ns.Name { - return true - } - - return false -} - func (c *NSNetworkPolicyController) syncNs(key string) error { - klog.V(4).Infof("Sync namespace %s", key) - _, name, err := cache.SplitMetaNamespaceKey(key) if err != nil { klog.Errorf("Not a valid controller key %s, %#v", key, err)
@@ -411,9 +412,9 @@ func (c *NSNetworkPolicyController) syncNs(key string) error { workspaceName := ns.Labels[constants.WorkspaceLabelKey] if workspaceName == "" { - klog.Error("Workspace name should not be empty") return nil } + wksp, err := c.workspaceInformer.Lister().Get(workspaceName) if err != nil { //Should not be here
@@ -425,16 +426,6 @@ func (c *NSNetworkPolicyController) syncNs(key string) error { return err } - //Maybe some ns not labeled - if !hadNamespaceLabel(ns) { - ns.Labels[constants.NamespaceLabelKey] = ns.Name - _, err := c.client.CoreV1().Namespaces().Update(ns) - if err != nil { - //Just log, label can also be added by namespace controller - klog.Errorf("cannot label namespace %s", ns.Name) - } - } - matchWorkspace := false delete := false nsnpList, _ := c.informer.Lister().NamespaceNetworkPolicies(ns.Name).List(labels.Everything())
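Review bot: The error path of the new addNode drops `err` and logs `Error while list namespace by label`, although the call lists with `labels.Everything()`, so a failed re-sync after a node change cannot be diagnosed from the log. I would write `klog.Errorf("listing namespaces after node event: %v", err)`. The function also ignores `newObj` and re-enqueues every namespace on each node event, which deserves a doc comment such as `// addNode re-enqueues all namespaces, since the node rule is shared by every namespace policy.` That reason is inferred from generateNodeRule and should be confirmed.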
@@ -611,7 +602,7 @@ func NewNSNetworkPolicyController( AddFunc: controller.addWorkspace, UpdateFunc: func(oldObj, newObj interface{}) { old := oldObj.(*workspacev1alpha1.Workspace) - new := oldObj.(*workspacev1alpha1.Workspace) + new := newObj.(*workspacev1alpha1.Workspace) if old.Spec.NetworkIsolation == new.Spec.NetworkIsolation { return }
@@ -619,12 +610,29 @@ func NewNSNetworkPolicyController( }, }) - namespaceInformer.Informer().AddEventHandlerWithResyncPeriod(cache.ResourceEventHandlerFuncs{ + nodeInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ + AddFunc: controller.addNode, + UpdateFunc: func(oldObj, newObj interface{}) { + old := oldObj.(*corev1.Node) + new := newObj.(*corev1.Node) + if old.Annotations[NodeNSNPAnnotationKey] == new.Annotations[NodeNSNPAnnotationKey] { + return + } + controller.addNode(newObj) + }, + }) + + namespaceInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: controller.addNamespace, UpdateFunc: func(oldObj interface{}, newObj interface{}) { + old := oldObj.(*corev1.Namespace) + new := newObj.(*corev1.Namespace) + if old.Annotations[NamespaceNPAnnotationKey] == new.Annotations[NamespaceNPAnnotationKey] { + return + } controller.addNamespace(newObj) }, - }, defaultSleepDuration) + }) nsnpInformer.Informer().AddEventHandlerWithResyncPeriod(cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) {
diff --git a/pkg/controller/network/provider/ns_k8s.go b/pkg/controller/network/provider/ns_k8s.go
index e2cdedf12..5a744771f 100644
--- a/pkg/controller/network/provider/ns_k8s.go
+++ b/pkg/controller/network/provider/ns_k8s.go
@@ -50,7 +50,6 @@ func (c *k8sPolicyController) Start(stopCh <-chan struct{}) { } func (c *k8sPolicyController) Set(np *netv1.NetworkPolicy) error { - klog.V(4).Infof("Set NetworkPolicy %s/%s %+v", np.Namespace, np.Name, np) // Add to cache. k := c.GetKey(np.Name, np.Namespace) c.resourceCache.Set(k, *np)
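Review bot: The namespace `UpdateFunc` in the -619 hunk now returns unless `NamespaceNPAnnotationKey` changed, yet nsEnqueue and syncNs both key on `ns.Labels[constants.WorkspaceLabelKey]`. With the periodic resync dropped in the same hunk, a namespace that gains or changes its workspace label after creation is apparently not re-synced until some workspace or node event happens to enqueue it. The filter should compare the label as well: `if old.Annotations[NamespaceNPAnnotationKey] == new.Annotations[NamespaceNPAnnotationKey] && old.Labels[constants.WorkspaceLabelKey] == new.Labels[constants.WorkspaceLabelKey] { return }`. The new node handler also has no `DeleteFunc`, so a removed node's SNAT addresses stay in the allow rule until an unrelated sync; `DeleteFunc: controller.addNode,` would close that gap. NewNSNetworkPolicyController starts and ends outside the hunk.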
@@ -59,7 +58,6 @@ func (c *k8sPolicyController) Set(np *netv1.NetworkPolicy) error { } func (c *k8sPolicyController) Delete(key string) { - klog.V(4).Infof("Delete NetworkPolicy %s", key) c.resourceCache.Delete(key) }