False positive warnings for Network Policies

[aszecowka]

Describe the bug
Let assume that I have the following network policy:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-to-my-mongo
spec:
  podSelector:
    matchLabels:
      app: my-mongo
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchExpressions:
              - key: app
                operator: In
                values:
                  - my-mongo
                  - my-dashboard
                  

Then, Popeye reports the following warning:

 [POP-1200] No pods match Ingress pod selector

Expected behavior
No warning, if proper pods exist.

Screenshots
If applicable, add screenshots to help explain your problem.

Versions (please complete the following information):

• Popeye - from the master branch

Additional context
I have found two possible problems in the source code.
In cache/pod.go:

// ListPodsBySelector list all pods matching the given selector.
func (p *Pod) ListPodsBySelector(ns string, sel *metav1.LabelSelector) map[string]*v1.Pod {
	res := map[string]*v1.Pod{}
	if sel == nil {
		return res
	}
	for fqn, po := range p.pods {
		if po.Namespace == ns && matchLabels(po.ObjectMeta.Labels, sel.MatchLabels) {
			res[fqn] = po
		}
	}

	return res
}

matchLabels function takes into account only MatchLabels field from LabelSelector, but it seems to ignore MatchExpressions.

Another problem is that you are listing only pods by selector. What will happen if we have a CronJob that was not yet scheduled, so pods do not exist, or there is a deployment scaled to 0 pods, probably in such a case warning will be reported, but IMO it should be not reported.

[derailed]

@aszecowka Excellent report! Fixed v0.9.1