From 852086533f39800099e70a1bac79d378b9b157b3 Mon Sep 17 00:00:00 2001 From: Aaron U'Ren Date: Sun, 23 May 2021 18:13:39 -0500 Subject: [PATCH] fix(NPC): remove HostNetwork check from OnPodUpdate With the previous logic, if a pod changed from having HostNetwork = False to HostNetwork = True, NPC would not trigger a refresh to clear out the rules that once applied. Now this check has been moved lower in the fullPolicySync() logic so that it accounts for these pods naturally. --- pkg/controllers/netpol/pod.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/pkg/controllers/netpol/pod.go b/pkg/controllers/netpol/pod.go index f5699c29e..eb8ecea1f 100644 --- a/pkg/controllers/netpol/pod.go +++ b/pkg/controllers/netpol/pod.go @@ -36,10 +36,6 @@ func (npc *NetworkPolicyController) newPodEventHandler() cache.ResourceEventHand // OnPodUpdate handles updates to pods from the Kubernetes api server func (npc *NetworkPolicyController) OnPodUpdate(obj interface{}) { pod := obj.(*api.Pod) - if pod.Spec.HostNetwork { - klog.V(2).Infof("Ignoring update to hostNetwork pod: %s/%s", pod.Namespace, pod.Name) - return - } klog.V(2).Infof("Received update to pod: %s/%s", pod.Namespace, pod.Name) npc.RequestFullSync()