Skip to content

Commit

Permalink
modify network policy process
Browse files Browse the repository at this point in the history
  • Loading branch information
@hongzhen-ma
hongzhen-ma committed Dec 31, 2020
1 parent 171dcff commit 8e60866
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions pkg/controller/network_policy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -261,6 +261,15 @@ func (c *Controller) handleUpdateNp(key string) error {
}
}
}
if len(np.Spec.Ingress) == 0 {
ingressAllowAsName := fmt.Sprintf("%s.%s.all", ingressAllowAsNamePrefix, protocol)
ingressExceptAsName := fmt.Sprintf("%s.%s.all", ingressExceptAsNamePrefix, protocol)
ingressPorts := []netv1.NetworkPolicyPort{}
if err := c.ovnClient.CreateIngressACL(fmt.Sprintf("%s/%s", np.Namespace, np.Name), pgName, ingressAllowAsName, ingressExceptAsName, protocol, ingressPorts); err != nil {
klog.Errorf("failed to create ingress acls for np %s, %v", key, err)
return err
}
}
}

asNames, err := c.ovnClient.ListAddressSet(np.Namespace, np.Name, "ingress")
Expand Down Expand Up @@ -361,6 +370,15 @@ func (c *Controller) handleUpdateNp(key string) error {
}
}
}
if len(np.Spec.Egress) == 0 {
egressAllowAsName := fmt.Sprintf("%s.%s.all", egressAllowAsNamePrefix, protocol)
egressExceptAsName := fmt.Sprintf("%s.%s.all", egressExceptAsNamePrefix, protocol)
egressPorts := []netv1.NetworkPolicyPort{}
if err := c.ovnClient.CreateEgressACL(fmt.Sprintf("%s/%s", np.Namespace, np.Name), pgName, egressAllowAsName, egressExceptAsName, protocol, egressPorts); err != nil {
klog.Errorf("failed to create egress acls for np %s, %v", key, err)
return err
}
}
}

asNames, err := c.ovnClient.ListAddressSet(np.Namespace, np.Name, "egress")
Expand Down

0 comments on commit 8e60866

Please sign in to comment.