interceptor builds

fix loggin regressions and slim down interface fix test put nfqueue in a seperate package have to default config first duplicate metrics don't clean up rules till the end more to shutdown keep tryig thin down interface some type verdict shave out things that are uncessary for interception
kubernetes-sigs · Nov 25, 2024 · 583a637 · 583a637
1 parent c26c8d5
commit 583a637
Show file tree

Hide file tree

Showing 11 changed files with 720 additions and 612 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -8,10 +8,10 @@ import (
 	"net/http"
 	"os"
 	"os/signal"
-	"time"
 
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"sigs.k8s.io/kube-network-policies/pkg/networkpolicy"
+	"sigs.k8s.io/kube-network-policies/pkg/nfqinterceptor"
 	npaclient "sigs.k8s.io/network-policy-api/pkg/client/clientset/versioned"
 	npainformers "sigs.k8s.io/network-policy-api/pkg/client/informers/externalversions"
 	"sigs.k8s.io/network-policy-api/pkg/client/informers/externalversions/apis/v1alpha1"
@@ -148,13 +148,28 @@ func run() int {
 		utilruntime.HandleError(err)
 	}()
 
+	err = cfg.Defaults()
+	if err != nil {
+		logger.Error(err, "could not default config")
+		return 1
+	}
+
+	//TODO log config?
+
+	interceptor, err := nfqinterceptor.New(cfg)
+	if err != nil {
+		logger.Error(err, "could not start nfq interceptror")
+		return 1
+	}
+
 	networkPolicyController, err := networkpolicy.NewController(
 		clientset,
 		informersFactory.Networking().V1().NetworkPolicies(),
 		informersFactory.Core().V1().Namespaces(),
 		informersFactory.Core().V1().Pods(),
 		nodeInformer,
 		npaClient,
+		interceptor,
 		anpInformer,
 		banpInformer,
 		cfg,
@@ -163,19 +178,19 @@ func run() int {
 		logger.Error(err, "Can not start network policy controller")
 		return 1
 	}
-	go func() {
-		err := networkPolicyController.Run(ctx)
-		utilruntime.HandleError(err)
-	}()
+	err = networkPolicyController.Run(ctx)
+	if err != nil {
+		logger.Error(err, "Can not start network policy controller")
+		return 1
+	}
 
 	informersFactory.Start(ctx.Done())
 	if adminNetworkPolicy || baselineAdminNetworkPolicy {
 		npaInformerFactory.Start(ctx.Done())
 	}
 
-	<-ctx.Done()
+	//should block till its resources are cleane up.
+	interceptor.Run(ctx, networkPolicyController.EvaluatePacket)
 
-	// grace period to cleanup resources
-	time.Sleep(5 * time.Second)
 	return 0
 }