diff --git a/npm/npm.go b/npm/npm.go index 6046bdbb2b..17075b12f0 100644 --- a/npm/npm.go +++ b/npm/npm.go @@ -47,6 +47,7 @@ type NetworkPolicyManager struct { nodeName string nsMap map[string]*namespace + podMap map[string]bool isAzureNpmChainCreated bool isSafeToCleanUpAzureNpmChain bool @@ -233,6 +234,7 @@ func NewNetworkPolicyManager(clientset *kubernetes.Clientset, informerFactory in npInformer: npInformer, nodeName: os.Getenv("HOSTNAME"), nsMap: make(map[string]*namespace), + podMap: make(map[string]bool), isAzureNpmChainCreated: false, isSafeToCleanUpAzureNpmChain: false, clusterState: telemetry.ClusterState{ diff --git a/npm/parsePolicy_test.go b/npm/parsePolicy_test.go index dd2b06eb08..54ed6258a7 100644 --- a/npm/parsePolicy_test.go +++ b/npm/parsePolicy_test.go @@ -4,7 +4,7 @@ import ( "reflect" "testing" - "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" @@ -287,7 +287,6 @@ func TestDeductPolicy(t *testing.T) { expectedPolicy := oldPolicy expectedPolicy.Spec.PolicyTypes = []networkingv1.PolicyType{ - networkingv1.PolicyTypeIngress, networkingv1.PolicyTypeEgress, } deductedPolicy, err := deductPolicy(&oldPolicy, &newPolicy) @@ -342,7 +341,6 @@ func TestDeductPolicy(t *testing.T) { expectedPolicy = oldPolicy expectedPolicy.Spec.Egress = []networkingv1.NetworkPolicyEgressRule{} expectedPolicy.Spec.PolicyTypes = []networkingv1.PolicyType{ - networkingv1.PolicyTypeIngress, networkingv1.PolicyTypeEgress, } deductedPolicy, err = deductPolicy(&oldPolicy, &newPolicy) diff --git a/npm/pod.go b/npm/pod.go index 5e38d9d267..e0a1e42f6e 100644 --- a/npm/pod.go +++ b/npm/pod.go @@ -96,6 +96,8 @@ func (npMgr *NetworkPolicyManager) AddPod(podObj *corev1.Pod) error { } } + npMgr.podMap[podNs+podName] = true + return nil } @@ -162,6 +164,11 @@ func (npMgr *NetworkPolicyManager) DeletePod(podObj *corev1.Pod) error { ipsMgr = npMgr.nsMap[util.KubeAllNamespacesFlag].ipsMgr ) + _, exists := npMgr.podMap[podNs+podName] + if !exists { + return nil + } + log.Printf("POD DELETING: [%s/%s/%s%+v%s]", podNs, podName, podNodeName, podLabels, podIP) // Delete the pod from its namespace's ipset. @@ -199,5 +206,7 @@ func (npMgr *NetworkPolicyManager) DeletePod(podObj *corev1.Pod) error { } } + delete(npMgr.podMap, podNs+podName) + return nil } diff --git a/npm/pod_test.go b/npm/pod_test.go index ba49a3bf63..ac6c2d0cc9 100644 --- a/npm/pod_test.go +++ b/npm/pod_test.go @@ -37,6 +37,7 @@ func TestisSystemPod(t *testing.T) { func TestAddPod(t *testing.T) { npMgr := &NetworkPolicyManager{ nsMap: make(map[string]*namespace), + podMap: make(map[string]bool), TelemetryEnabled: false, } @@ -59,7 +60,8 @@ func TestAddPod(t *testing.T) { podObj := &corev1.Pod{ ObjectMeta: metav1.ObjectMeta{ - Namespace: "test-pod", + Name: "test-pod", + Namespace: "test-namespace", Labels: map[string]string{ "app": "test-pod", }, @@ -80,6 +82,7 @@ func TestAddPod(t *testing.T) { func TestUpdatePod(t *testing.T) { npMgr := &NetworkPolicyManager{ nsMap: make(map[string]*namespace), + podMap: make(map[string]bool), TelemetryEnabled: false, } @@ -102,7 +105,8 @@ func TestUpdatePod(t *testing.T) { oldPodObj := &corev1.Pod{ ObjectMeta: metav1.ObjectMeta{ - Namespace: "old-test-pod", + Name: "old-test-pod", + Namespace: "test-namespace", Labels: map[string]string{ "app": "old-test-pod", }, @@ -115,7 +119,8 @@ func TestUpdatePod(t *testing.T) { newPodObj := &corev1.Pod{ ObjectMeta: metav1.ObjectMeta{ - Namespace: "new-test-pod", + Name: "new-test-pod", + Namespace: "test-namespace", Labels: map[string]string{ "app": "new-test-pod", }, @@ -140,6 +145,7 @@ func TestUpdatePod(t *testing.T) { func TestDeletePod(t *testing.T) { npMgr := &NetworkPolicyManager{ nsMap: make(map[string]*namespace), + podMap: make(map[string]bool), TelemetryEnabled: false, } @@ -162,7 +168,8 @@ func TestDeletePod(t *testing.T) { podObj := &corev1.Pod{ ObjectMeta: metav1.ObjectMeta{ - Namespace: "test-pod", + Name: "test-pod", + Namespace: "test-namespace", Labels: map[string]string{ "app": "test-pod", },