fix(): Optimize NetworkPolicy reconciler to reduce unnecessary API update calls and reduce log noise#446
Conversation
…lls and reduce log noise Signed-off-by: anjal <anjalpoudel517+github@gmail.com>
greninja517
requested review from
Rahul-D78,
bharath-avesha,
gourishkb,
narmidm and
richiesebastian
as code owners
Signed-off-by: anjal <anjalpoudel517+github@gmail.com>
| } | ||
| } | ||
|
|
||
| if len(errors) > 0 { |
There was a problem hiding this comment.
with this change we return an error after we have set the NetworkPoliciesInstalled status to true above even when only a part of the list of namespaces have the policies installed.
I would suggest to keep the current idea of keeping the NetworkPoliciesInstalled status to be false even when there is partial failure. Otherwise this gives the wrong impression to a regular user that all namespaces are network isolated according to the plan.
There was a problem hiding this comment.
@gourishkb , I was about to implement the same but here https://github.com/kubeslice/worker-operator/blob/master/api/v1beta1/slice_types.go#L131-L133, it is mentioned that slice.Status.NetworkPoliciesInstalled signifies at least one namespace has successfully NetworkPolicies installed. So, I have implemented the above approach.
Should I keep this slice.status.NetworkPoliciesInstalled value false even if there is partial failure ?
2 participants
Description
This PR optimizes the NetworkPolicy reconciliation logic with following changes:
equality.Semantic.DeepEqual()to compare specs and only update when differentNetworkPoliciesInstalledwhen the field value actually changesNo breaking changes - all existing functionality preserved with improved performance
Fixes #372
How Has This Been Tested?
Checklist:
go fmtDoes this PR introduce a breaking change?