netpol: fix packet drop casued by incorrect address set deletion (#2677)

zhangzujian · zhangzujian · commit a4cae607ff00 · 2023-04-20T09:56:07.000+08:00
diff --git a/pkg/controller/network_policy.go b/pkg/controller/network_policy.go
@@ -242,18 +242,6 @@ func (c *Controller) handleUpdateNp(key string) error {
 		}
 	}
 
-	ingressAsNames, err := c.ovnLegacyClient.ListNpAddressSet(np.Namespace, npName, "ingress")
-	if err != nil {
-		klog.Errorf("failed to list ingress address_set, %v", err)
-		return err
-	}
-	for _, ingressAsName := range ingressAsNames {
-		if err = c.ovnLegacyClient.DeleteAddressSet(ingressAsName); err != nil {
-			klog.Errorf("failed to delete np %s address set, %v", key, err)
-			return err
-		}
-	}
-
 	var ingressAclCmd []string
 	exist, err := c.ovnLegacyClient.PortGroupExists(pgName)
 	if err != nil {
@@ -389,18 +377,6 @@ func (c *Controller) handleUpdateNp(key string) error {
 		}
 	}
 
-	egressAsNames, err := c.ovnLegacyClient.ListNpAddressSet(np.Namespace, npName, "egress")
-	if err != nil {
-		klog.Errorf("failed to list egress address_set, %v", err)
-		return err
-	}
-	for _, egressAsName := range egressAsNames {
-		if err = c.ovnLegacyClient.DeleteAddressSet(egressAsName); err != nil {
-			klog.Errorf("failed to delete np %s address set, %v", key, err)
-			return err
-		}
-	}
-
 	var egressAclCmd []string
 	exist, err = c.ovnLegacyClient.PortGroupExists(pgName)
 	if err != nil {
