validate cidr

only accept validated cidr.
And fix the error handle when network-isotate is diabled.
And remove the useless crd.
Signed-off-by: NDuan Jiong <djduanjiong@gmail.com>

config/crds/network.kubesphere.io_namespacenetworkpolicies.yaml

@@ -101,6 +101,7 @@ spec:
                               description: CIDR is a string representing the IP Block
                                 Valid examples are "192.168.1.1/24"
                               type: string
+                              pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$
                             except:
                               description: Except is a slice of CIDRs that should
                                 not be included within an IP Block Valid examples

pkg/controller/network/nsnetworkpolicy/nsnetworkpolicy_controller.go

@@ -428,19 +428,21 @@ func (c *NSNetworkPolicyController) syncNs(key string) error {
 
 	matchWorkspace := false
 	delete := false
-	nsnpList, _ := c.informer.Lister().NamespaceNetworkPolicies(ns.Name).List(labels.Everything())
+	nsnpList, err := c.informer.Lister().NamespaceNetworkPolicies(ns.Name).List(labels.Everything())
 	if isNetworkIsolateEnabled(ns) {
 		matchWorkspace = false
 	} else if wksp.Spec.NetworkIsolation {
 		matchWorkspace = true
+	} else {
+		delete = true
+	}
+	if delete || matchWorkspace {
 		//delete all namespace np when networkisolate not active
-		if err != nil && len(nsnpList) > 0 {
+		if err == nil && len(nsnpList) > 0 {
 			if c.ksclient.NamespaceNetworkPolicies(ns.Name).DeleteCollection(nil, typev1.ListOptions{}) != nil {
 				klog.Errorf("Error when delete all nsnps in namespace %s", ns.Name)
 			}
 		}
-	} else {
-		delete = true
 	}
 
 	policy := generateNSNP(workspaceName, ns.Name, matchWorkspace)