From e922a85dec7f4982b444fcda205aabc2169dde30 Mon Sep 17 00:00:00 2001
From: Duan Jiong <djduanjiong@gmail.com>
Date: Wed, 3 Jun 2020 12:04:40 +0800
Subject: [PATCH] fix namespace networkpolicy

add prefix when set key, otherwise the k8s rule will not be deleted
don't append ingress when ingress is empty, otherwise all ingress traffic will be allowed.

Signed-off-by: Duan Jiong <djduanjiong@gmail.com>
---
 pkg/controller/network/nsnetworkpolicy/controller.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/controller/network/nsnetworkpolicy/controller.go b/pkg/controller/network/nsnetworkpolicy/controller.go
index 66307443c..f38e82432 100644
--- a/pkg/controller/network/nsnetworkpolicy/controller.go
+++ b/pkg/controller/network/nsnetworkpolicy/controller.go
@@ -462,8 +462,10 @@ func (c *NSNetworkPolicyController) syncNs(key string) error {
 	if err != nil {
 		return err
 	}
+	if len(ruleNode.From) > 0 {
+		policy.Spec.Ingress = append(policy.Spec.Ingress, ruleNode)
+	}
 
-	policy.Spec.Ingress = append(policy.Spec.Ingress, ruleNode)
 	if delete {
 		c.provider.Delete(c.provider.GetKey(AnnotationNPNAME, ns.Name))
 	} else {
@@ -531,7 +533,7 @@ func (c *NSNetworkPolicyController) syncNSNP(key string) error {
 	if err != nil {
 		if errors.IsNotFound(err) {
 			klog.V(4).Infof("NSNP %v has been deleted", key)
-			c.provider.Delete(c.provider.GetKey(name, namespace))
+			c.provider.Delete(c.provider.GetKey(network.NSNPPrefix+name, namespace))
 			return nil
 		}