fix(NPC): check if new pod is actionable

Previously, kube-router would do a full sync on a new pod whether or not the pod was in an actionable state. This led to needless syncs as many pods were missing PodIP addresses or other items necessary to apply policy. If a pod is missing these items it is better to wait for the next message that comes via the UpdateFunc below so that we know that the pod has all of the necessary items to apply policy to it.
cloudnativelabs · May 25, 2021 · f586d52 · f586d52
1 parent 8520865
commit f586d52
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/pkg/controllers/netpol/pod.go b/pkg/controllers/netpol/pod.go
@@ -14,8 +14,13 @@ import (
 func (npc *NetworkPolicyController) newPodEventHandler() cache.ResourceEventHandler {
 	return cache.ResourceEventHandlerFuncs{
 		AddFunc: func(obj interface{}) {
-			npc.OnPodUpdate(obj)
-
+			if podObj, ok := obj.(*api.Pod); ok {
+				// If the pod isn't yet actionable there is no action to take here anyway, so skip it. When it becomes
+				// actionable, we'll get an update below.
+				if isNetPolActionable(podObj) {
+					npc.OnPodUpdate(obj)
+				}
+			}
 		},
 		UpdateFunc: func(oldObj, newObj interface{}) {
 			newPodObj := newObj.(*api.Pod)