Skip to content

Commit 1b23022

Browse files
oilbeateroilbeater
committed
fiix panic if namespace is deleted before pod is processed
Signed-off-by: Mengxin Liu <[email protected]>
1 parent 0c9250b commit 1b23022

File tree

2 files changed

+30
-9
lines changed

2 files changed

+30
-9
lines changed

pkg/controller/network_policy.go

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -733,7 +733,15 @@ func (c *Controller) svcMatchNetworkPolicies(svc *corev1.Service) ([]string, err
733733
return nil, fmt.Errorf("failed to list netpols, %w", err)
734734
}
735735
match := set.New[string]()
736-
ns, _ := c.namespacesLister.Get(svc.Namespace)
736+
ns, err := c.namespacesLister.Get(svc.Namespace)
737+
if err != nil {
738+
if k8serrors.IsNotFound(err) {
739+
klog.V(3).Infof("namespace %s not found when matching network policies for service %s/%s", svc.Namespace, svc.Namespace, svc.Name)
740+
return match.UnsortedList(), nil
741+
}
742+
return nil, fmt.Errorf("failed to get namespace %s: %w", svc.Namespace, err)
743+
}
744+
737745
for _, pod := range pods {
738746
for _, np := range nps {
739747
key := cache.MetaObjectToName(np).String()

pkg/controller/pod.go

Lines changed: 21 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -242,6 +242,19 @@ func (c *Controller) enqueueAddPod(obj any) {
242242
}
243243
}
244244

245+
func (c *Controller) getNsLabels(nsName, podName string) map[string]string {
246+
podNs, err := c.namespacesLister.Get(nsName)
247+
if err != nil {
248+
if k8serrors.IsNotFound(err) {
249+
klog.V(3).Infof("namespace %s not found for pod %s, use empty ns labels", nsName, podName)
250+
} else {
251+
klog.Errorf("failed to get namespace %s: %v, use empty ns labels", nsName, err)
252+
}
253+
return nil
254+
}
255+
return podNs.Labels
256+
}
257+
245258
func (c *Controller) enqueueDeletePod(obj any) {
246259
var p *v1.Pod
247260
switch t := obj.(type) {
@@ -274,9 +287,9 @@ func (c *Controller) enqueueDeletePod(obj any) {
274287
}
275288

276289
if c.config.EnableANP {
277-
podNs, _ := c.namespacesLister.Get(p.Namespace)
278-
c.updateAnpsByLabelsMatch(podNs.Labels, p.Labels)
279-
c.updateCnpsByLabelsMatch(podNs.Labels, p.Labels)
290+
nsLabels := c.getNsLabels(p.Namespace, p.Name)
291+
c.updateAnpsByLabelsMatch(nsLabels, p.Labels)
292+
c.updateCnpsByLabelsMatch(nsLabels, p.Labels)
280293
}
281294

282295
key := cache.MetaObjectToName(p).String()
@@ -351,18 +364,18 @@ func (c *Controller) enqueueUpdatePod(oldObj, newObj any) {
351364
}
352365

353366
if c.config.EnableANP {
354-
podNs, _ := c.namespacesLister.Get(newPod.Namespace)
367+
nsLabels := c.getNsLabels(newPod.Namespace, newPod.Name)
355368
if !maps.Equal(oldPod.Labels, newPod.Labels) {
356-
c.updateAnpsByLabelsMatch(podNs.Labels, newPod.Labels)
357-
c.updateCnpsByLabelsMatch(podNs.Labels, newPod.Labels)
369+
c.updateAnpsByLabelsMatch(nsLabels, newPod.Labels)
370+
c.updateCnpsByLabelsMatch(nsLabels, newPod.Labels)
358371
}
359372

360373
for _, podNet := range podNets {
361374
oldAllocated := oldPod.Annotations[fmt.Sprintf(util.AllocatedAnnotationTemplate, podNet.ProviderName)]
362375
newAllocated := newPod.Annotations[fmt.Sprintf(util.AllocatedAnnotationTemplate, podNet.ProviderName)]
363376
if oldAllocated != newAllocated {
364-
c.updateAnpsByLabelsMatch(podNs.Labels, newPod.Labels)
365-
c.updateCnpsByLabelsMatch(podNs.Labels, newPod.Labels)
377+
c.updateAnpsByLabelsMatch(nsLabels, newPod.Labels)
378+
c.updateCnpsByLabelsMatch(nsLabels, newPod.Labels)
366379
break
367380
}
368381
}

0 commit comments

Comments
 (0)