
Commit d893cd5

committed
Default on kube-dns in NetworkPolicy for non-OCP env
1 parent 119ea69 commit d893cd5


1 file changed

+6
-25
lines changed

1 file changed

+6
-25
lines changed

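--- a/controllers/webspherelibertyapplication_controller.go
+++ b/controllers/webspherelibertyapplication_controller.go
@@ -410,34 +410,15 @@ func (r *ReconcileWebSphereLiberty) Reconcile(ctx context.Context, request ctrl.
 },
 }
 apiServerNetworkPolicy.Spec.Egress = make([]networkingv1.NetworkPolicyEgressRule, 0)
+
+var dnsRule networkingv1.NetworkPolicyEgressRule
 // Add OpenShift DNS NetworkPolicy (if applicable)
 if r.IsOpenShift() {
-dnsRule := networkingv1.NetworkPolicyEgressRule{}
-if dnsEndpoints, err := r.getEndpoints("dns-default", "openshift-dns"); err == nil {
-if endpointPort := lutils.GetEndpointPortByName(&dnsEndpoints.Subsets[0].Ports, "dns"); endpointPort != nil {
-dnsRule.Ports = append(dnsRule.Ports, lutils.CreateNetworkPolicyPortFromEndpointPort(endpointPort))
-}
-if endpointPort := lutils.GetEndpointPortByName(&dnsEndpoints.Subsets[0].Ports, "dns-tcp"); endpointPort != nil {
-dnsRule.Ports = append(dnsRule.Ports, lutils.CreateNetworkPolicyPortFromEndpointPort(endpointPort))
-}
-peer := networkingv1.NetworkPolicyPeer{}
-peer.NamespaceSelector = &metav1.LabelSelector{
-MatchLabels: map[string]string{
-"kubernetes.io/metadata.name": "openshift-dns",
-},
-}
-dnsRule.To = append(dnsRule.To, peer)
-reqLogger.Info("Found endpoints for dns-default service in the openshift-dns namespace")
-} else {
-peer := networkingv1.NetworkPolicyPeer{}
-peer.NamespaceSelector = &metav1.LabelSelector{
-MatchLabels: map[string]string{},
-}
-dnsRule.To = append(dnsRule.To, peer)
-reqLogger.Info("Failed to retrieve endpoints for dns-default service in the openshift-dns namespace. Using more permissive rule.")
-}
-apiServerNetworkPolicy.Spec.Egress = append(apiServerNetworkPolicy.Spec.Egress, dnsRule)
+dnsRule = r.getDNSEgressRule(reqLogger, "dns-default", "openshift-dns")
+} else { // Otherwise, support CoreDNS NetworkPolicy by default
+dnsRule = r.getDNSEgressRule(reqLogger, "kube-dns", "kube-system")
 }
+apiServerNetworkPolicy.Spec.Egress = append(apiServerNetworkPolicy.Spec.Egress, dnsRule)
 
 rule := networkingv1.NetworkPolicyEgressRule{}
 if apiServerEndpoints, err := r.getEndpoints("kubernetes", "default"); err == nil {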
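Review bot: The append at new line 421 is now unconditional, so whatever `getDNSEgressRule` returns lands in the policy on every cluster, and the helper's body is not part of this diff. If it keeps the removed fallback (a peer with an empty `namespaceSelector` and no ports), a failed lookup of `kube-dns` in `kube-system`, which seems plausible on distributions that name the DNS service differently, leaves an egress rule that matches every namespace on every port; a rule with neither `To` nor `Ports` would match all egress. I would have the fallback pin the rule to port 53 over UDP and TCP, and add a comment above the append such as `// dnsRule must always carry ports: an egress rule without To/Ports allows all traffic`. The comment `// Add OpenShift DNS NetworkPolicy (if applicable)` is also stale now that the else branch covers CoreDNS. Reconcile begins and continues outside this hunk.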
