full sync when namespace labels change (#917)

pkg/controllers/netpol/namespace.go

@@ -0,0 +1,60 @@
+package netpol
+
+import (
+	"github.com/golang/glog"
+	api "k8s.io/api/core/v1"
+	"k8s.io/client-go/tools/cache"
+	"reflect"
+)
+
+func (npc *NetworkPolicyController) newNamespaceEventHandler() cache.ResourceEventHandler {
+	return cache.ResourceEventHandlerFuncs{
+		AddFunc: func(obj interface{}) {
+			npc.handleNamespaceAdd(obj.(*api.Namespace))
+		},
+		UpdateFunc: func(oldObj, newObj interface{}) {
+			npc.handleNamespaceUpdate(oldObj.(*api.Namespace), newObj.(*api.Namespace))
+		},
+		DeleteFunc: func(obj interface{}) {
+			switch obj := obj.(type) {
+			case *api.Namespace:
+				npc.handleNamespaceDelete(obj)
+				return
+			case cache.DeletedFinalStateUnknown:
+				if namespace, ok := obj.Obj.(*api.Namespace); ok {
+					npc.handleNamespaceDelete(namespace)
+					return
+				}
+			default:
+				glog.Errorf("unexpected object type: %v", obj)
+			}
+		},
+	}
+}
+
+func (npc *NetworkPolicyController) handleNamespaceAdd(obj *api.Namespace) {
+	if npc.v1NetworkPolicy && obj.Labels == nil {
+		return
+	}
+	glog.V(2).Infof("Received update for namespace: %s", obj.Name)
+
+	npc.RequestFullSync()
+}
+
+func (npc *NetworkPolicyController) handleNamespaceUpdate(oldObj, newObj *api.Namespace) {
+	if npc.v1NetworkPolicy && reflect.DeepEqual(oldObj.Labels, newObj.Labels) {
+		return
+	}
+	glog.V(2).Infof("Received update for namespace: %s", newObj.Name)
+
+	npc.RequestFullSync()
+}
+
+func (npc *NetworkPolicyController) handleNamespaceDelete(obj *api.Namespace) {
+	if npc.v1NetworkPolicy && obj.Labels == nil {
+		return
+	}
+	glog.V(2).Infof("Received namespace: %s delete event", obj.Name)
+
+	npc.RequestFullSync()
+}

pkg/controllers/netpol/network_policy_controller.go

@@ -195,18 +195,6 @@ func (npc *NetworkPolicyController) OnNetworkPolicyUpdate(obj interface{}) {
 	npc.RequestFullSync()
 }
 
-// OnNamespaceUpdate handles updates to namespace from kubernetes api server
-func (npc *NetworkPolicyController) OnNamespaceUpdate(obj interface{}) {
-	namespace := obj.(*api.Namespace)
-	// namespace (and annotations on it) has no significance in GA ver of network policy
-	if npc.v1NetworkPolicy {
-		return
-	}
-	glog.V(2).Infof("Received update for namespace: %s", namespace.Name)
-
-	npc.RequestFullSync()
-}
-
 // RequestFullSync allows the request of a full network policy sync without blocking the callee
 func (npc *NetworkPolicyController) RequestFullSync() {
 	select {
@@ -1663,23 +1651,6 @@ func (npc *NetworkPolicyController) newPodEventHandler() cache.ResourceEventHand
 	}
 }
 
-func (npc *NetworkPolicyController) newNamespaceEventHandler() cache.ResourceEventHandler {
-	return cache.ResourceEventHandlerFuncs{
-		AddFunc: func(obj interface{}) {
-			npc.OnNamespaceUpdate(obj)
-
-		},
-		UpdateFunc: func(oldObj, newObj interface{}) {
-			npc.OnNamespaceUpdate(newObj)
-
-		},
-		DeleteFunc: func(obj interface{}) {
-			npc.handleNamespaceDelete(obj)
-
-		},
-	}
-}
-
 func (npc *NetworkPolicyController) newNetworkPolicyEventHandler() cache.ResourceEventHandler {
 	return cache.ResourceEventHandlerFuncs{
 		AddFunc: func(obj interface{}) {
@@ -1714,28 +1685,6 @@ func (npc *NetworkPolicyController) handlePodDelete(obj interface{}) {
 	npc.RequestFullSync()
 }
 
-func (npc *NetworkPolicyController) handleNamespaceDelete(obj interface{}) {
-	namespace, ok := obj.(*api.Namespace)
-	if !ok {
-		tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
-		if !ok {
-			glog.Errorf("unexpected object type: %v", obj)
-			return
-		}
-		if namespace, ok = tombstone.Obj.(*api.Namespace); !ok {
-			glog.Errorf("unexpected object type: %v", obj)
-			return
-		}
-	}
-	// namespace (and annotations on it) has no significance in GA ver of network policy
-	if npc.v1NetworkPolicy {
-		return
-	}
-	glog.V(2).Infof("Received namespace: %s delete event", namespace.Name)
-
-	npc.RequestFullSync()
-}
-
 func (npc *NetworkPolicyController) handleNetworkPolicyDelete(obj interface{}) {
 	netpol, ok := obj.(*networking.NetworkPolicy)
 	if !ok {