Skip to content

Commit

Permalink
fix: podSelector in networkpolicy should only consider pods in the sa…
Browse files Browse the repository at this point in the history 
…me ns
  • Loading branch information
@oilbeater
oilbeater committed Dec 16, 2019
1 parent a479e6e commit 23cad46
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pkg/controller/network_policy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -479,7 +479,7 @@ func (c *Controller) podMatchNetworkPolicies(pod *corev1.Pod) []string {

func isPodMatchNetworkPolicy(pod *corev1.Pod, podNs *corev1.Namespace, policy *netv1.NetworkPolicy, policyNs string) bool {
sel, _ := metav1.LabelSelectorAsSelector(&policy.Spec.PodSelector)
if sel.Matches(labels.Set(pod.Labels)) {
if podNs.Name == policyNs && sel.Matches(labels.Set(pod.Labels)) {
return true
}
for _, npr := range policy.Spec.Ingress {
Expand Down

0 comments on commit 23cad46

Please sign in to comment.