in controllers/policyendpoints_controller.go [521:596]
func (r *PolicyEndpointsReconciler) deriveTargetPodsForParentNP(ctx context.Context,
parentNP, resourceNamespace, resourceName string) ([]types.NamespacedName, map[string]bool, []types.NamespacedName) {
var targetPods, podsToBeCleanedUp, currentPods []types.NamespacedName
var targetPodIdentifiers []string
podIdentifiers := make(map[string]bool)
currentPE := &policyk8sawsv1.PolicyEndpoint{}
r.log.Info("Parent NP resource:", "Name: ", parentNP)
parentPEList := r.derivePolicyEndpointsOfParentNP(ctx, parentNP, resourceNamespace)
r.log.Info("Total PEs for Parent NP:", "Count: ", len(parentPEList))
policyEndpointIdentifier := utils.GetPolicyEndpointIdentifier(resourceName,
resourceNamespace)
// Gather the current set of pods (local to the node) that are configured with this policy rules.
existingPods, podsPresent := r.policyEndpointSelectorMap.Load(policyEndpointIdentifier)
if podsPresent {
existingPodsSlice := existingPods.([]types.NamespacedName)
for _, pods := range existingPodsSlice {
currentPods = append(currentPods, pods)
r.log.Info("Current pods for this slice : ", "Pod name", pods.Name, "Pod namespace", pods.Namespace)
}
}
if len(parentPEList) == 0 {
podsToBeCleanedUp = append(podsToBeCleanedUp, currentPods...)
r.policyEndpointSelectorMap.Delete(policyEndpointIdentifier)
r.log.Info("No PEs left: ", "number of pods to cleanup - ", len(podsToBeCleanedUp))
}
for _, policyEndpointResource := range parentPEList {
r.log.Info("Derive PE Object ", "Name ", policyEndpointResource)
peNamespacedName := types.NamespacedName{
Name: policyEndpointResource,
Namespace: resourceNamespace,
}
if err := r.k8sClient.Get(ctx, peNamespacedName, currentPE); err != nil {
if apierrors.IsNotFound(err) {
continue
}
}
r.log.Info("Processing PE ", "Name ", policyEndpointResource)
currentTargetPods, currentPodIdentifiers := r.deriveTargetPods(ctx, currentPE, parentPEList)
r.log.Info("Adding to current targetPods", "Total pods: ", len(currentTargetPods))
targetPods = append(targetPods, currentTargetPods...)
for podIdentifier, _ := range currentPodIdentifiers {
podIdentifiers[podIdentifier] = true
targetPodIdentifiers = append(targetPodIdentifiers, podIdentifier)
}
}
//Update active podIdentifiers selected by the current Network Policy
stalePodIdentifiers := r.deriveStalePodIdentifiers(ctx, resourceName, targetPodIdentifiers)
for _, policyEndpointResource := range parentPEList {
policyEndpointIdentifier := utils.GetPolicyEndpointIdentifier(policyEndpointResource,
resourceNamespace)
if len(targetPods) > 0 {
r.log.Info("Update target pods for PE Object ", "Name ", policyEndpointResource, " with Total pods: ", len(targetPods))
r.policyEndpointSelectorMap.Store(policyEndpointIdentifier, targetPods)
} else {
r.log.Info("No more target pods so deleting the entry in PE selector map for ", "Name ", policyEndpointResource)
r.policyEndpointSelectorMap.Delete(policyEndpointIdentifier)
}
for _, podIdentifier := range stalePodIdentifiers {
r.deletePolicyEndpointFromPodIdentifierMap(ctx, podIdentifier, policyEndpointResource)
}
}
//Update active podIdentifiers selected by the current Network Policy
r.networkPolicyToPodIdentifierMap.Store(utils.GetParentNPNameFromPEName(resourceName), targetPodIdentifiers)
if len(currentPods) > 0 {
podsToBeCleanedUp = r.getPodListToBeCleanedUp(currentPods, targetPods, podIdentifiers)
}
return targetPods, podIdentifiers, podsToBeCleanedUp
}