📜 Description
Currently, the NetworkPolicy reconciler is updating the NetworkPolicy resource in the application namespace even if there is no change. It also updates the slice.Status.NetworkPoliciesInstalled field to true during each reconciliation interval. And generating events and logs in the for loop.
👟 Reproduction steps
Create a slice resource and onboard few application namespaces. You can see logs like Installed netpol for namespace successfully and Updated network policy very frequently.
👍 Expected behavior
It should update the NetworkPolicy and Slice resource conditionally when update is required. And generate the logs and events after the create / update rather than generating inside a for loop.
👎 Actual Behavior
Currently the reconciler is performing the update calls to the k8s api server very frequently. Which might impact the performance if the number of resources grows.
🐚 Relevant log output
No response
Version
No response
🖥️ What operating system are you seeing the problem on?
No response
✅ Proposed Solution
The below line can be simlified by checking if the NetworkPoliciesInstalled field is false then only set it to true.
Before:
slice.Status.NetworkPoliciesInstalled = true
return r.Status().Update(ctx, slice)
After:
if !slice.Status.NetworkPoliciesInstalled {
slice.Status.NetworkPoliciesInstalled = true
return r.Status().Update(ctx, slice)
}
return nilInstead of generating log in a for we can generate it after the netpol resource got created for the first time, Currently It is generating logs and event for each iteration for both create and update.
for _, appNsObj := range appNsList.Items {
err = r.installSliceNetworkPolicyInAppNs(ctx, slice, appNsObj.ObjectMeta.Name)
if err != nil {
....
}
utils.RecordEvent(ctx, r.EventRecorder, slice, nil, ossEvents.EventNetPolAdded, "slice_reconciler")
log.Info("Installed netpol for namespace successfully", "namespace", appNsObj.ObjectMeta.Name)
}In the installSliceNetworkPolicyInAppNs method we are updating the resource in each reconciliation interval, Instead we can get the actual resource if it not found then we can create it else we can compare it with the constructed resource and update it if it not equal. This line log.Info("Updated network policy", "namespace", appNs) can be called when there is an update.
👀 Have you spent some time to check if this issue has been raised before?
Code of Conduct
📜 Description
Currently, the NetworkPolicy reconciler is updating the NetworkPolicy resource in the application namespace even if there is no change. It also updates the
slice.Status.NetworkPoliciesInstalledfield to true during each reconciliation interval. And generating events and logs in the for loop.👟 Reproduction steps
Create a slice resource and onboard few application namespaces. You can see logs like
Installed netpol for namespace successfullyandUpdated network policyvery frequently.👍 Expected behavior
It should update the
NetworkPolicyandSliceresource conditionally when update is required. And generate the logs and events after the create / update rather than generating inside a for loop.👎 Actual Behavior
Currently the reconciler is performing the update calls to the k8s api server very frequently. Which might impact the performance if the number of resources grows.
🐚 Relevant log output
No response
Version
No response
🖥️ What operating system are you seeing the problem on?
No response
✅ Proposed Solution
The below line can be simlified by checking if the
NetworkPoliciesInstalledfield is false then only set it to true.Before:
After:
Instead of generating log in a for we can generate it after the netpol resource got created for the first time, Currently It is generating logs and event for each iteration for both create and update.
In the
installSliceNetworkPolicyInAppNsmethod we are updating the resource in each reconciliation interval, Instead we can get the actual resource if it not found then we can create it else we can compare it with the constructed resource and update it if it not equal. This linelog.Info("Updated network policy", "namespace", appNs)can be called when there is an update.👀 Have you spent some time to check if this issue has been raised before?
Code of Conduct