Merge pull request #373 from Pavani-Panakanti/release-1.2-merge

Merge main into release-1.2

Author: Pavani-Panakanti

controllers/policyendpoints_controller.go

@@ -224,14 +224,16 @@ func (r *PolicyEndpointsReconciler) cleanUpPolicyEndpoint(ctx context.Context, r
 func (r *PolicyEndpointsReconciler) IsProgFdShared(targetPodName string,
 	targetPodNamespace string) (bool, error) {
 	targetpodNamespacedName := utils.GetPodNamespacedName(targetPodName, targetPodNamespace)
-	foundShared := false
 	// check ingress caches
 	if targetProgFD, ok := r.ebpfClient.GetIngressPodToProgMap().Load(targetpodNamespacedName); ok {
 		if currentList, ok := r.ebpfClient.GetIngressProgToPodsMap().Load(targetProgFD); ok {
 			podsList, ok := currentList.(map[string]struct{})
-			if ok && len(podsList) > 1 {
-				foundShared = true
-				r.log.Info("isProgFdShared", "Found shared ingress progFD for target: ", targetPodName, "progFD: ", targetProgFD)
+			if ok {
+				if len(podsList) > 1 {
+					r.log.Info("isProgFdShared", "Found shared ingress progFD for target: ", targetPodName, "progFD: ", targetProgFD)
+					return true, nil
+				}
+				return false, nil // Not shared (only one pod)
 			}
 		}
 	}
@@ -240,19 +242,19 @@ func (r *PolicyEndpointsReconciler) IsProgFdShared(targetPodName string,
 	if targetProgFD, ok := r.ebpfClient.GetEgressPodToProgMap().Load(targetpodNamespacedName); ok {
 		if currentList, ok := r.ebpfClient.GetEgressProgToPodsMap().Load(targetProgFD); ok {
 			podsList, ok := currentList.(map[string]struct{})
-			if ok && len(podsList) > 1 {
-				foundShared = true
-				r.log.Info("IsProgFdShared", "Found shared egress progFD for target:", targetPodName, "progFD:", targetProgFD)
+			if ok {
+				if len(podsList) > 1 {
+					r.log.Info("IsProgFdShared", "Found shared egress progFD for target:", targetPodName, "progFD:", targetProgFD)
+					return true, nil
+				}
+				return false, nil // Not shared (only one pod)
 			}
 		}
 	}
 
 	// If not found in both maps, return an error
-	if !foundShared {
-		r.log.Info("IsProgFdShared", "Pod not found in either IngressPodToProgMap or EgressPodToProgMap:", targetpodNamespacedName)
-		return false, fmt.Errorf("pod not found in either IngressPodToProgMap or EgressPodToProgMap: %s", targetpodNamespacedName)
-	}
-	return true, nil
+	r.log.Info("IsProgFdShared", "Pod not found in either IngressPodToProgMap or EgressPodToProgMap:", targetpodNamespacedName)
+	return false, fmt.Errorf("pod not found in either IngressPodToProgMap or EgressPodToProgMap: %s", targetpodNamespacedName)
 }
 
 func (r *PolicyEndpointsReconciler) updatePolicyEnforcementStatusForPods(ctx context.Context, policyEndpointName string,

pkg/ebpf/bpf_client.go

@@ -372,17 +372,6 @@ func checkAndUpdateBPFBinaries(bpfTCClient tc.BpfTc, bpfBinaries []string, hostB
 			}
 		}
 	}
-
-	//Clean up probes
-	if updateIngressProbe || updateEgressProbe {
-		err := bpfTCClient.CleanupQdiscs(updateIngressProbe, updateEgressProbe)
-		if err != nil {
-			log.Error(err, "Probe cleanup failed")
-			sdkAPIErr.WithLabelValues("CleanupQdiscs").Inc()
-			return updateIngressProbe, updateEgressProbe, updateEventsProbe, err
-		}
-	}
-
 	return updateIngressProbe, updateEgressProbe, updateEventsProbe, nil
 }
 

scripts/lib/cluster.sh

@@ -17,7 +17,7 @@ function load_default_values(){
 
     # If Kubernetes version is not passed then use the latest available version
     if [[ -z $K8S_VERSION ]]; then
-        K8S_VERSION=$(eksctl version -o json | jq -r '.EKSServerSupportedVersions | sort | reverse | .[0]')
+        K8S_VERSION=$(eksctl utils describe-cluster-versions | jq -r '.clusterVersions[0].ClusterVersion')
     fi
 
 }