
Commit 04a7e20

kabicinKirby Chin
authored andcommitted
Default on kube-dns in NetworkPolicy for non-OCP env
1 parent 0118a9c commit 04a7e20


1 file changed

+6
-25
lines changed

1 file changed

+6
-25
lines changed

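--- a/controllers/webspherelibertyapplication_controller.go
+++ b/controllers/webspherelibertyapplication_controller.go
@@ -414,34 +414,15 @@ func (r *ReconcileWebSphereLiberty) Reconcile(ctx context.Context, request ctrl.
 },
 }
 apiServerNetworkPolicy.Spec.Egress = make([]networkingv1.NetworkPolicyEgressRule, 0)
+
+var dnsRule networkingv1.NetworkPolicyEgressRule
 // Add OpenShift DNS NetworkPolicy (if applicable)
 if r.IsOpenShift() {
-dnsRule := networkingv1.NetworkPolicyEgressRule{}
-if dnsEndpoints, err := r.getEndpoints("dns-default", "openshift-dns"); err == nil {
-if endpointPort := lutils.GetEndpointPortByName(&dnsEndpoints.Subsets[0].Ports, "dns"); endpointPort != nil {
-dnsRule.Ports = append(dnsRule.Ports, lutils.CreateNetworkPolicyPortFromEndpointPort(endpointPort))
-}
-if endpointPort := lutils.GetEndpointPortByName(&dnsEndpoints.Subsets[0].Ports, "dns-tcp"); endpointPort != nil {
-dnsRule.Ports = append(dnsRule.Ports, lutils.CreateNetworkPolicyPortFromEndpointPort(endpointPort))
-}
-peer := networkingv1.NetworkPolicyPeer{}
-peer.NamespaceSelector = &metav1.LabelSelector{
-MatchLabels: map[string]string{
-"kubernetes.io/metadata.name": "openshift-dns",
-},
-}
-dnsRule.To = append(dnsRule.To, peer)
-reqLogger.Info("Found endpoints for dns-default service in the openshift-dns namespace")
-} else {
-peer := networkingv1.NetworkPolicyPeer{}
-peer.NamespaceSelector = &metav1.LabelSelector{
-MatchLabels: map[string]string{},
-}
-dnsRule.To = append(dnsRule.To, peer)
-reqLogger.Info("Failed to retrieve endpoints for dns-default service in the openshift-dns namespace. Using more permissive rule.")
-}
-apiServerNetworkPolicy.Spec.Egress = append(apiServerNetworkPolicy.Spec.Egress, dnsRule)
+dnsRule = r.getDNSEgressRule(reqLogger, "dns-default", "openshift-dns")
+} else { // Otherwise, support CoreDNS NetworkPolicy by default
+dnsRule = r.getDNSEgressRule(reqLogger, "kube-dns", "kube-system")
 }
+apiServerNetworkPolicy.Spec.Egress = append(apiServerNetworkPolicy.Spec.Egress, dnsRule)
 
 rule := networkingv1.NetworkPolicyEgressRule{}
 if apiServerEndpoints, err := r.getEndpoints("kubernetes", "default"); err == nil {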
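Review bot: The result of `r.getDNSEgressRule(...)` is now appended to `Spec.Egress` unconditionally, and the `else` branch assumes every non-OpenShift cluster serves DNS from `kube-dns` in `kube-system`, so the helper's failure path decides how open the egress policy is. The inline code it replaces fell back to a peer with an empty `MatchLabels` namespace selector and no ports, which permits egress to pods in every namespace on any port. If the helper (defined outside this hunk) keeps that fallback, a cluster with a differently named DNS Service, or an operator that cannot read Endpoints in `kube-system`, silently gets that wide rule with only an Info log. It is also worth confirming that the helper never returns a zero-value rule, since an egress rule with no `To` and no `Ports` allows all egress, and that it guards the `dnsEndpoints.Subsets[0]` access the old code made unchecked, e.g. `if len(dnsEndpoints.Subsets) > 0 { ... }`. At minimum I would add a comment on the `else` branch such as `// Assumes cluster DNS is the kube-dns Service in kube-system; lookup failure widens this rule`.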
