fix(NPC): remove HostNetwork check from OnPodUpdate

aauren · aauren · commit 3dc5c3fbcd53 · 2021-06-01T10:42:42.000-05:00
With the previous logic, if a pod changed from having HostNetwork =
False to HostNetwork = True, NPC would not trigger a refresh to clear
out the rules that once applied. Now this check has been moved lower in
the fullPolicySync() logic so that it accounts for these pods naturally.
diff --git a/pkg/controllers/netpol/pod.go b/pkg/controllers/netpol/pod.go
@@ -36,10 +36,6 @@ func (npc *NetworkPolicyController) newPodEventHandler() cache.ResourceEventHand
 // OnPodUpdate handles updates to pods from the Kubernetes api server
 func (npc *NetworkPolicyController) OnPodUpdate(obj interface{}) {
 	pod := obj.(*api.Pod)
-	if pod.Spec.HostNetwork {
-		klog.V(2).Infof("Ignoring update to hostNetwork pod: %s/%s", pod.Namespace, pod.Name)
-		return
-	}
 	klog.V(2).Infof("Received update to pod: %s/%s", pod.Namespace, pod.Name)
 
 	npc.RequestFullSync()
