Skip to content

Commit f07ec53

Browse files
jimmy-zhmurali-reddy
jimmy-zh
authored and
murali-reddy
committed
avoid duplicate peer pods in npc rules variables (#634)
1 parent bdfdc12 commit f07ec53

File tree

1 file changed

+18
-21
lines changed

1 file changed

+18
-21
lines changed

pkg/controllers/netpol/network_policy_controller.go

Lines changed: 18 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -1181,23 +1181,20 @@ func (npc *NetworkPolicyController) buildNetworkPoliciesInfo() (*[]networkPolicy
11811181
ingressRule.matchAllSource = true
11821182
} else {
11831183
ingressRule.matchAllSource = false
1184-
var matchingPods []*api.Pod
11851184
for _, peer := range specIngressRule.From {
1186-
peerPods, err := npc.evalPodPeer(policy, peer)
1187-
matchingPods = append(matchingPods, peerPods...)
1188-
ingressRule.srcIPBlocks = append(ingressRule.srcIPBlocks, npc.evalIPBlockPeer(peer)...)
1189-
if err == nil {
1190-
for _, matchingPod := range matchingPods {
1191-
if matchingPod.Status.PodIP == "" {
1185+
if peerPods, err := npc.evalPodPeer(policy, peer); err == nil {
1186+
for _, peerPod := range peerPods {
1187+
if peerPod.Status.PodIP == "" {
11921188
continue
11931189
}
11941190
ingressRule.srcPods = append(ingressRule.srcPods,
1195-
podInfo{ip: matchingPod.Status.PodIP,
1196-
name: matchingPod.ObjectMeta.Name,
1197-
namespace: matchingPod.ObjectMeta.Namespace,
1198-
labels: matchingPod.ObjectMeta.Labels})
1191+
podInfo{ip: peerPod.Status.PodIP,
1192+
name: peerPod.ObjectMeta.Name,
1193+
namespace: peerPod.ObjectMeta.Namespace,
1194+
labels: peerPod.ObjectMeta.Labels})
11991195
}
12001196
}
1197+
ingressRule.srcIPBlocks = append(ingressRule.srcIPBlocks, npc.evalIPBlockPeer(peer)...)
12011198
}
12021199
}
12031200

@@ -1228,20 +1225,20 @@ func (npc *NetworkPolicyController) buildNetworkPoliciesInfo() (*[]networkPolicy
12281225
egressRule.matchAllDestinations = true
12291226
} else {
12301227
egressRule.matchAllDestinations = false
1231-
var matchingPods []*api.Pod
12321228
for _, peer := range specEgressRule.To {
1233-
peerPods, err := npc.evalPodPeer(policy, peer)
1234-
matchingPods = append(matchingPods, peerPods...)
1235-
egressRule.dstIPBlocks = append(egressRule.dstIPBlocks, npc.evalIPBlockPeer(peer)...)
1236-
if err == nil {
1237-
for _, matchingPod := range matchingPods {
1229+
if peerPods, err := npc.evalPodPeer(policy, peer); err == nil {
1230+
for _, peerPod := range peerPods {
1231+
if peerPod.Status.PodIP == "" {
1232+
continue
1233+
}
12381234
egressRule.dstPods = append(egressRule.dstPods,
1239-
podInfo{ip: matchingPod.Status.PodIP,
1240-
name: matchingPod.ObjectMeta.Name,
1241-
namespace: matchingPod.ObjectMeta.Namespace,
1242-
labels: matchingPod.ObjectMeta.Labels})
1235+
podInfo{ip: peerPod.Status.PodIP,
1236+
name: peerPod.ObjectMeta.Name,
1237+
namespace: peerPod.ObjectMeta.Namespace,
1238+
labels: peerPod.ObjectMeta.Labels})
12431239
}
12441240
}
1241+
egressRule.dstIPBlocks = append(egressRule.dstIPBlocks, npc.evalIPBlockPeer(peer)...)
12451242
}
12461243
}
12471244

0 commit comments

Comments
 (0)