Skip to content

fix: [NPM] windows-specific controller race leads to policy doesn't exist error while policy is pending #1400

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 25, 2022
Merged

fix: [NPM] windows-specific controller race leads to policy doesn't exist error while policy is pending #1400

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 17 additions & 9 deletions npm/pkg/dataplane/dataplane.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,10 @@ type DataPlane struct {
endpointCache map[string]*NPMEndpoint
ioShim *common.IOShim
updatePodCache map[string]*updateNPMPod
stopChannel <-chan struct{}
// pendingPolicies includes the policy keys of policies which may
// be referenced by ipsets but have not been applied to the kernel yet
pendingPolicies map[string]struct{}
stopChannel <-chan struct{}
}

// TODO this struct could be made unexported
Expand All @@ -50,14 +53,15 @@ type NPMEndpoint struct {
func NewDataPlane(nodeName string, ioShim *common.IOShim, cfg *Config, stopChannel <-chan struct{}) (*DataPlane, error) {
metrics.InitializeAll()
dp := &DataPlane{
Config: cfg,
policyMgr: policies.NewPolicyManager(ioShim, cfg.PolicyManagerCfg),
ipsetMgr: ipsets.NewIPSetManager(cfg.IPSetManagerCfg, ioShim),
endpointCache: make(map[string]*NPMEndpoint),
nodeName: nodeName,
ioShim: ioShim,
updatePodCache: make(map[string]*updateNPMPod),
stopChannel: stopChannel,
Config: cfg,
policyMgr: policies.NewPolicyManager(ioShim, cfg.PolicyManagerCfg),
ipsetMgr: ipsets.NewIPSetManager(cfg.IPSetManagerCfg, ioShim),
endpointCache: make(map[string]*NPMEndpoint),
nodeName: nodeName,
ioShim: ioShim,
updatePodCache: make(map[string]*updateNPMPod),
pendingPolicies: make(map[string]struct{}),
stopChannel: stopChannel,
}

err := dp.BootupDataplane()
Expand Down Expand Up @@ -202,6 +206,9 @@ func (dp *DataPlane) ApplyDataPlane() error {
// AddPolicy takes in a translated NPMNetworkPolicy object and applies on dataplane
func (dp *DataPlane) AddPolicy(policy *policies.NPMNetworkPolicy) error {
klog.Infof("[DataPlane] Add Policy called for %s", policy.PolicyKey)

dp.pendingPolicies[policy.PolicyKey] = struct{}{}

// Create and add references for Selector IPSets first
err := dp.createIPSetsAndReferences(policy.AllPodSelectorIPSets(), policy.PolicyKey, ipsets.SelectorType)
if err != nil {
Expand Down Expand Up @@ -229,6 +236,7 @@ func (dp *DataPlane) AddPolicy(policy *policies.NPMNetworkPolicy) error {
if err != nil {
return fmt.Errorf("[DataPlane] error while adding policy: %w", err)
}
delete(dp.pendingPolicies, policy.PolicyKey)
return nil
}

Expand Down
4 changes: 3 additions & 1 deletion npm/pkg/dataplane/dataplane_windows.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,9 @@ func (dp *DataPlane) updatePod(pod *updateNPMPod) error {
}

for policyKey := range selectorReference {
toAddPolicies[policyKey] = struct{}{}
if _, ok := dp.pendingPolicies[policyKey]; !ok {
toAddPolicies[policyKey] = struct{}{}
}
}
}

Expand Down