Skip to content

Commit

Permalink
default deny is not required in namespace in v1.
Browse files Browse the repository at this point in the history 
Signed-off-by: Ranjith <rchirakk@users.noreply.github.com>
  • Loading branch information
@rchirakk
rchirakk committed Nov 2, 2017
1 parent b1bc3b2 commit 6a4b06f
Showing 1 changed file with 0 additions and 31 deletions.
31 changes: 0 additions & 31 deletions netmaster/k8snetwork/networkpolicy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -311,27 +311,6 @@ func (k8sNet *k8sContext) deleteDefaultIngressPolicy(ns string) {
}
}

func (k8sNet *k8sContext) processK8sNamespace(opCode watch.EventType, ns *v1.Namespace) {
if ns.Name == "kube-system" {
return
}

action := k8sNet.getIsolationPolicy(ns.Annotations)

npLog.Infof("process [%s] namespace isolation policy [%s], %+v", opCode, action, ns.Annotations)

switch opCode {
case watch.Added, watch.Modified:
if action == "none" {
k8sNet.deleteDefaultIngressPolicy(ns.Name)
} else {
k8sNet.updateDefaultIngressPolicy(ns.Name, action)
}
case watch.Deleted:
k8sNet.deleteDefaultIngressPolicy(ns.Name)
}
}

func (k8sNet *k8sContext) processK8sNetworkPolicy(opCode watch.EventType, np *v1beta1.NetworkPolicy) {
if np.Namespace == "kube-system" { // not applicable for system namespace
return
Expand All @@ -350,8 +329,6 @@ func (k8sNet *k8sContext) processK8sEvent(opCode watch.EventType, eventObj inter
return
}
switch objType := eventObj.(type) {
case *v1.Namespace:
k8sNet.processK8sNamespace(opCode, objType)

case *v1beta1.NetworkPolicy:
k8sNet.processK8sNetworkPolicy(opCode, objType)
Expand All @@ -375,14 +352,6 @@ func (k8sNet *k8sContext) watchK8sEvents(errChan chan error) {
selCase = append(selCase, reflect.SelectCase{Dir: reflect.SelectRecv,
Chan: reflect.ValueOf(npWatch.ResultChan())})

nsWatch, err := k8sNet.k8sClientSet.CoreV1().Namespaces().Watch(v1.ListOptions{})
if err != nil {
errChan <- fmt.Errorf("failed to watch namespaces, %s", err)
return
}
selCase = append(selCase, reflect.SelectCase{Dir: reflect.SelectRecv,
Chan: reflect.ValueOf(nsWatch.ResultChan())})

for {
_, recVal, ok := reflect.Select(selCase)
if !ok {
Expand Down

0 comments on commit 6a4b06f

Please sign in to comment.