fix(NPC): remove HostNetwork check from OnPodUpdate

With the previous logic, if a pod changed from having HostNetwork = False to HostNetwork = True, NPC would not trigger a refresh to clear out the rules that once applied. Now this check has been moved lower in the fullPolicySync() logic so that it accounts for these pods naturally.
cloudnativelabs · May 25, 2021 · 8520865 · 8520865
1 parent 81d52c2
commit 8520865
Showing 1 changed file with 0 additions and 4 deletions.
diff --git a/pkg/controllers/netpol/pod.go b/pkg/controllers/netpol/pod.go
@@ -36,10 +36,6 @@ func (npc *NetworkPolicyController) newPodEventHandler() cache.ResourceEventHand
 // OnPodUpdate handles updates to pods from the Kubernetes api server
 func (npc *NetworkPolicyController) OnPodUpdate(obj interface{}) {
 	pod := obj.(*api.Pod)
-	if pod.Spec.HostNetwork {
-		klog.V(2).Infof("Ignoring update to hostNetwork pod: %s/%s", pod.Namespace, pod.Name)
-		return
-	}
 	klog.V(2).Infof("Received update to pod: %s/%s", pod.Namespace, pod.Name)
 
 	npc.RequestFullSync()