Skip to content

fix(): Optimize NetworkPolicy reconciler to reduce unnecessary API update calls and reduce log noise #446

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
greninja517 wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix(): Optimize NetworkPolicy reconciler to reduce unnecessary API update calls and reduce log noise #446

greninja517 wants to merge 2 commits into from

Conversation

@greninja517
Copy link

@greninja517 greninja517 commented Aug 19, 2025

Description

This PR optimizes the NetworkPolicy reconciliation logic with following changes:

  • Conditional NetworkPolicy updates: Use equality.Semantic.DeepEqual() to compare specs and only update when different
  • Reduced logging frequency: Move logs and events outside the reconciliation loop
  • Smart status updates: Only update NetworkPoliciesInstalled when the field value actually changes
  • Better error handling: Continue processing all namespaces even if some fail

No breaking changes - all existing functionality preserved with improved performance

Fixes #372

How Has This Been Tested?

Checklist:

  • The title of the PR states what changed and the related issues number (used for the release note).
  • Does this PR requires documentation updates?
  • I've updated documentation as required by this PR.
  • I have ran go fmt
  • I have updated the helm chart as required by this PR.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have tested it for all user roles.
  • I have added all the required unit test cases.
  • I have verified the E2E test cases with new code changes.
  • I have added all the required E2E test cases.

Does this PR introduce a breaking change?

@greninja517
Optimize NetworkPolicy reconciler to reduce unnecessary API update ca…
62a644b 
…lls and reduce log noise

Signed-off-by: anjal <anjalpoudel517+github@gmail.com>
@greninja517
Update error handling during status update of slice
922147b 
Signed-off-by: anjal <anjalpoudel517+github@gmail.com>
gourishkb
gourishkb reviewed Aug 26, 2025
View reviewed changes
controllers/slice/namespaces.go
}
}

if len(errors) > 0 {
Copy link
Contributor

@gourishkb gourishkb Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

with this change we return an error after we have set the NetworkPoliciesInstalled status to true above even when only a part of the list of namespaces have the policies installed.

I would suggest to keep the current idea of keeping the NetworkPoliciesInstalled status to be false even when there is partial failure. Otherwise this gives the wrong impression to a regular user that all namespaces are network isolated according to the plan.

Copy link
Author

@greninja517 greninja517 Aug 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gourishkb , I was about to implement the same but here https://github.com/kubeslice/worker-operator/blob/master/api/v1beta1/slice_types.go#L131-L133, it is mentioned that slice.Status.NetworkPoliciesInstalled signifies at least one namespace has successfully NetworkPolicies installed. So, I have implemented the above approach.

Should I keep this slice.status.NetworkPoliciesInstalled value false even if there is partial failure ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gourishkb gourishkb gourishkb left review comments

@narmidm narmidm Awaiting requested review from narmidm

@bharath-avesha bharath-avesha Awaiting requested review from bharath-avesha bharath-avesha is a code owner

@richiesebastian richiesebastian Awaiting requested review from richiesebastian richiesebastian is a code owner

@Rahul-D78 Rahul-D78 Awaiting requested review from Rahul-D78 Rahul-D78 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug: Refactor NetworkPolicy reconciler

2 participants

@greninja517 @gourishkb