@@ -14,21 +14,8 @@ import (
1414 "github.com/pkg/errors"
1515)
1616
17- var defaultDenyEgressPolicy policy.Policy
18- var defaultDenyIngressPolicy policy.Policy
19- var errIngress error
20- var errEgress error
21-
22- func init () {
23- defaultDenyEgressPolicy , errIngress = getEndpointPolicy (policy .ACLPolicy , cns .ActionTypeBlock , cns .DirectionTypeIn , 10_000 )
24- if errIngress != nil {
25- logger .Errorf ("failed to add default deny egress acl's for pod with err %v" , errIngress )
26- }
27- defaultDenyIngressPolicy , errEgress = getEndpointPolicy (policy .ACLPolicy , cns .ActionTypeBlock , cns .DirectionTypeOut , 10_000 )
28- if errEgress != nil {
29- logger .Errorf ("failed to add default deny ingress acl's for pod with err %v" , errEgress )
30- }
31- }
17+ var defaultDenyEgressPolicy policy.Policy = getEndpointPolicy (policy .ACLPolicy , cns .ActionTypeBlock , cns .DirectionTypeOut , 10_000 )
18+ var defaultDenyIngressPolicy policy.Policy = getEndpointPolicy (policy .ACLPolicy , cns .ActionTypeBlock , cns .DirectionTypeIn , 10_000 )
3219
3320// for AKS L1VH, do not set default route on infraNIC to avoid customer pod reaching all infra vnet services
3421// default route is set for secondary interface NIC(i.e,delegatedNIC)
@@ -83,22 +70,19 @@ func (k *K8sSWIFTv2Middleware) addDefaultRoute(podIPInfo *cns.PodIpInfo, gwIP st
8370}
8471
8572// get policy of type endpoint policy given the params
86- func getEndpointPolicy (policyType policy.CNIPolicyType , action , direction string , priority int ) (policy.Policy , error ) {
87- endpointPolicy , err := createEndpointPolicy (string (policyType ), action , direction , priority )
88- if err != nil {
89- return policy.Policy {}, errors .Wrap (err , "failed to create endpoint policy" )
90- }
73+ func getEndpointPolicy (policyType policy.CNIPolicyType , action , direction string , priority int ) policy.Policy {
74+ endpointPolicy := createEndpointPolicy (string (policyType ), action , direction , priority )
9175
9276 additionalArgs := policy.Policy {
9377 Type : policy .EndpointPolicy ,
9478 Data : endpointPolicy ,
9579 }
9680
97- return additionalArgs , nil
81+ return additionalArgs
9882}
9983
10084// create policy given the params
101- func createEndpointPolicy (policyType , action , direction string , priority int ) ( []byte , error ) {
85+ func createEndpointPolicy (policyType , action , direction string , priority int ) []byte {
10286 endpointPolicy := struct {
10387 Type string `json:"Type"`
10488 Action string `json:"Action"`
@@ -113,10 +97,10 @@ func createEndpointPolicy(policyType, action, direction string, priority int) ([
11397
11498 rawPolicy , err := json .Marshal (endpointPolicy )
11599 if err != nil {
116- return nil , errors . Wrap ( err , "error marshalling policy to json" )
100+ logger . Errorf ( "error marshalling policy to json, err is: %v" , err )
117101 }
118102
119- return rawPolicy , nil
103+ return rawPolicy
120104}
121105
122106// IPConfigsRequestHandlerWrapper is the middleware function for handling SWIFT v2 IP configs requests for AKS-SWIFT. This function wrapped the default SWIFT request
@@ -160,12 +144,6 @@ func (k *K8sSWIFTv2Middleware) IPConfigsRequestHandlerWrapper(defaultHandler, fa
160144 // there will be no pod connectivity to and from those pods
161145 if defaultDenyACLbool && ipInfo .NICType == cns .InfraNIC {
162146 ipInfo .EndpointPolicies = append (ipInfo .EndpointPolicies , defaultDenyEgressPolicy , defaultDenyIngressPolicy )
163- if errEgress != nil || errIngress != nil {
164- logger .Printf ("There was an error creating endpoint policies for defaultDeny policies" )
165- } else {
166- logger .Printf ("Successfully created endpoint policies for defaultDenyEgressPolicy and defaultDenyIngressPolicy" )
167- }
168-
169147 break
170148 }
171149 }
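Review bot: The `append` of `defaultDenyEgressPolicy` and `defaultDenyIngressPolicy` in `IPConfigsRequestHandlerWrapper` now runs with no signal that the two policies were actually built, because `createEndpointPolicy` only logs a `json.Marshal` failure and returns a nil slice, which `getEndpointPolicy` wraps into a `policy.Policy` with empty `Data`. A default-deny ACL should fail closed on a construction error; how an endpoint policy with empty `Data` is treated downstream is not visible here, so the pod could end up without the intended block rules while the request still succeeds. Consider guarding the append with `if len(defaultDenyEgressPolicy.Data) == 0 || len(defaultDenyIngressPolicy.Data) == 0 { ... }` and rejecting the request in that branch, or keeping the error return from `getEndpointPolicy` and checking it once at startup. The handler's body begins and ends outside this hunk, so the exact way to return the failure to the caller is not shown.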