Merge pull request #174 from metal-stack/173-stale-state-in-dns-based…
…-cwnps

Properly refresh fqdn_state of DNS-based CWNPs
mreiger committed Jan 8, 2024
2 parents 0009a3c + 3b52a33 commit 9544b36
Showing 1 changed file with 2 additions and 5 deletions.
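--- a/pkg/nftables/networkpolicy.go
+++ b/pkg/nftables/networkpolicy.go
@@ -82,7 +82,7 @@ func clusterwideNetworkPolicyEgressRules(
 ruleBases = append(ruleBases, ruleBase{base: rb})
 } else if len(e.ToFQDNs) > 0 && cache.IsInitialized() {
 // Generate allow rules based on DNS selectors
-rbs, u := clusterwideNetworkPolicyEgressToFQDNRules(cache, np.Status.FQDNState, e)
+rbs, u := clusterwideNetworkPolicyEgressToFQDNRules(cache, e)
 np.Status.FQDNState = u
 ruleBases = append(ruleBases, rbs...)
 }
@@ -112,12 +112,9 @@ func clusterwideNetworkPolicyEgressToRules(e firewallv1.EgressRule) (allow, exce
 
 func clusterwideNetworkPolicyEgressToFQDNRules(
 cache FQDNCache,
-fqdnState firewallv1.FQDNState,
 e firewallv1.EgressRule,
 ) (rules []ruleBase, updatedState firewallv1.FQDNState) {
-if fqdnState == nil {
-fqdnState = firewallv1.FQDNState{}
-}
+fqdnState := firewallv1.FQDNState{}
 
 for _, fqdn := range e.ToFQDNs {
 fqdnName := fqdn.MatchName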
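Review bot: `np.Status.FQDNState = u` in the first hunk now replaces the policy's whole FQDN state with what a single egress rule produced, since clusterwideNetworkPolicyEgressToFQDNRules starts from an empty `firewallv1.FQDNState{}` on every call. The enclosing function starts and ends outside the hunk, but if this branch runs once per entry of the policy's egress list (inferred from the per-rule variable `e`), a policy with two ToFQDNs rules would report only the last rule's state, and the status would then understate which resolved addresses the firewall currently allows. I would build one state per policy — `state := firewallv1.FQDNState{}` before the loop, merge each `u` into it, and `np.Status.FQDNState = state` after it — and add a test with two DNS-based egress rules. The helper's doc comment could also say `// The returned state is built from scratch on every call and covers only the selectors of e.`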
