
Bug: Refactor NetworkPolicy reconciler #372

@Rahul-D78

📜 Description

Currently, the NetworkPolicy reconciler updates the NetworkPolicy resource in the application namespace even if there is no change. It also sets the slice.Status.NetworkPoliciesInstalled field to true during each reconciliation interval, and it generates events and logs inside the for loop.

👟 Reproduction steps

Create a slice resource and onboard a few application namespaces. You can see logs like "Installed netpol for namespace successfully" and "Updated network policy" very frequently.

👍 Expected behavior

It should update the NetworkPolicy and Slice resources conditionally, when an update is required, and generate the logs and events after the create / update rather than inside a for loop.

👎 Actual Behavior

Currently the reconciler performs update calls to the k8s API server very frequently, which might impact performance if the number of resources grows.

✅ Proposed Solution

The line below can be simplified by setting the NetworkPoliciesInstalled field to true only if it is currently false.

Before:

slice.Status.NetworkPoliciesInstalled = true
return r.Status().Update(ctx, slice)

After:

if !slice.Status.NetworkPoliciesInstalled {
	slice.Status.NetworkPoliciesInstalled = true
	return r.Status().Update(ctx, slice)
}
return nil

Instead of generating the log inside the for loop, we can generate it after the netpol resource is created for the first time. Currently it generates logs and events on each iteration, for both create and update.

for _, appNsObj := range appNsList.Items {
	err = r.installSliceNetworkPolicyInAppNs(ctx, slice, appNsObj.ObjectMeta.Name)
	if err != nil {
		....
	}
	utils.RecordEvent(ctx, r.EventRecorder, slice, nil, ossEvents.EventNetPolAdded, "slice_reconciler")
	log.Info("Installed netpol for namespace successfully", "namespace", appNsObj.ObjectMeta.Name)
}

In the installSliceNetworkPolicyInAppNs method we update the resource in each reconciliation interval. Instead, we can get the actual resource: if it is not found, we can create it; otherwise we can compare it with the constructed resource and update it if they are not equal. The line log.Info("Updated network policy", "namespace", appNs) can be called when there is an update.

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find any similar issue

Code of Conduct

  • I agree to follow this project's Code of Conduct
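
The create-if-missing, update-only-on-difference flow proposed in the issue, as an added example that is not part of the original issue or the project's code. `NetPol`, `FakeAPI`, `ensureNetPol` and `reconcile` are hypothetical standard-library stand-ins for the NetworkPolicy object and the Kubernetes client, so the sketch runs without a cluster.

```go
package main

import (
	"fmt"
	"reflect"
)

// NetPol is a simplified stand-in for a NetworkPolicy (hypothetical type).
type NetPol struct {
	Namespace   string
	AllowedFrom []string // namespaces allowed to send ingress traffic
}

// FakeAPI is an in-memory stand-in for the API server that counts writes.
type FakeAPI struct {
	Store  map[string]NetPol
	Writes int
}

// ensureNetPol writes only when the policy is missing or differs from desired.
func ensureNetPol(api *FakeAPI, desired NetPol) string {
	current, found := api.Store[desired.Namespace]
	if found && reflect.DeepEqual(current, desired) {
		return "unchanged" // no write, so nothing to log or record
	}
	api.Store[desired.Namespace] = desired
	api.Writes++
	if !found {
		return "created"
	}
	return "updated"
}

// reconcile runs one pass and returns the namespaces whose policy changed.
func reconcile(api *FakeAPI, appNs, allowed []string) (changed []string) {
	for _, ns := range appNs {
		if ensureNetPol(api, NetPol{ns, allowed}) != "unchanged" {
			changed = append(changed, ns) // log / emit the event for these only
		}
	}
	return changed
}

func main() {
	api := &FakeAPI{Store: map[string]NetPol{}}
	for pass := 1; pass <= 2; pass++ { // second pass is the steady state
		changed := reconcile(api, []string{"app-a", "app-b"}, []string{"app-a"}) // constructed data
		fmt.Println(pass, changed, api.Writes)
	}
}
```

Because the action is returned, the caller can log and record an event only for real creates and updates, so an unexpected "updated" on a NetworkPolicy stands out as drift instead of being buried in per-interval noise.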

Labels: bug, good first issue, help wanted

Status: In Progress