fix namespace networkpolicy

add prefix when set key, otherwise the k8s rule will not be deleted don't append ingress when ingress is empty, otherwise all ingress traffic will be allowed. Signed-off-by: N Duan Jiong <djduanjiong@gmail.com>

fix namespace networkpolicy
add prefix when set key, otherwise the k8s rule will not be deleted don't append ingress when ingress is empty, otherwise all ingress traffic will be allowed. Signed-off-by: N Duan Jiong <djduanjiong@gmail.com>
e922a85d · Duan Jiong · 3f86b8b3 · e922a85d
隐藏空白更改
内联并排

Showing with 4 addition and 2 deletion

pkg/controller/network/nsnetworkpolicy/controller.go pkg/controller/network/nsnetworkpolicy/controller.go +4 -2

未找到文件。
--- a/pkg/controller/network/nsnetworkpolicy/controller.go
+++ b/pkg/controller/network/nsnetworkpolicy/controller.go
@@ -462,8 +462,10 @@ func (c *NSNetworkPolicyController) syncNs(key string) error {
 	if err != nil {
 		return err
 	}
+	if len(ruleNode.From) > 0 {
+		policy.Spec.Ingress = append(policy.Spec.Ingress, ruleNode)
+	}

-	policy.Spec.Ingress = append(policy.Spec.Ingress, ruleNode)
 	if delete {
 		c.provider.Delete(c.provider.GetKey(AnnotationNPNAME, ns.Name))
 	} else {
@@ -531,7 +533,7 @@ func (c *NSNetworkPolicyController) syncNSNP(key string) error {
 	if err != nil {
 		if errors.IsNotFound(err) {
 			klog.V(4).Infof("NSNP %v has been deleted", key)
-			c.provider.Delete(c.provider.GetKey(name, namespace))
+			c.provider.Delete(c.provider.GetKey(network.NSNPPrefix+name, namespace))
 			return nil
 		}