Commits on Apr 24, 2023

1. k8s/watchers: Fix erroneous warning logs due to empty CIDRGroupRef …

   Previously, the logic to detect whether a CIDRGroupRef has been set did
   not consider CNP policies which only reference a CIDR. This is relevant
   because CIDRs and CIDRGroupRefs are mutually exclusive, i.e.  oneOf
   validation is applied on them.
   
   This triggered the following warning log to be triggered quite often as
   each update to the CNP would run through the translation logic:
   
   ```
   level=warning msg="Unable to translate all cidr groups to cidrs" cidrGroupRef="[group-1 ]" ciliumNetworkPolicyName=tofqdn-dns-visibility error="cidr group \"group-1\" not found, skipping translation; cidr group \"\" not found, skipping translation" k8sApiVersion= k8sNamespace=default subsys=k8s-watcher
   ```
   
   For example, the following will trigger the buggy behavior:
   
   ```
   ingress:
     - fromCIDRSet:
       - cidr: "3.3.3.3/32"
   ```
   
   With the fix, we detect that a CIDR has been set and therefore, we avoid
   returning an empty CIDRGroupRef name.
   
   Fixes: dd4aba4 ("k8s: Add support for cidrGroupRef field in
   CNP/CCNP")
   Fixes: cilium#25020
   
   Signed-off-by: Chris Tarazi <chris@isovalent.com>

   

   christarazi committed Apr 24, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for 781665a
   • Browse repository at this point

   Copy the full SHA

   781665a View commit details

   Browse the repository at this point in the history