Bug: Refactor NetworkPolicy reconciler

[Rahul-D78]

📜 Description

Currently, the NetworkPolicy reconciler is updating the NetworkPolicy resource in the application namespace even if there is no change. It also updates the slice.Status.NetworkPoliciesInstalled field to true during each reconciliation interval. And generating events and logs in the for loop.

👟 Reproduction steps

Create a slice resource and onboard few application namespaces. You can see logs like Installed netpol for namespace successfully and Updated network policy very frequently.

👍 Expected behavior

It should update the NetworkPolicy and Slice resource conditionally when update is required. And generate the logs and events after the create / update rather than generating inside a for loop.

👎 Actual Behavior

Currently the reconciler is performing the update calls to the k8s api server very frequently. Which might impact the performance if the number of resources grows.

🐚 Relevant log output

No response

Version

No response

🖥️ What operating system are you seeing the problem on?

No response

✅ Proposed Solution

The below line can be simlified by checking if the NetworkPoliciesInstalled field is false then only set it to true.

Before:

slice.Status.NetworkPoliciesInstalled = true
return r.Status().Update(ctx, slice)

After:

if !slice.Status.NetworkPoliciesInstalled {
	slice.Status.NetworkPoliciesInstalled = true
	return r.Status().Update(ctx, slice)
}
return nil

Instead of generating log in a for we can generate it after the netpol resource got created for the first time, Currently It is generating logs and event for each iteration for both create and update.

for _, appNsObj := range appNsList.Items {
	err = r.installSliceNetworkPolicyInAppNs(ctx, slice, appNsObj.ObjectMeta.Name)
	if err != nil {
           ....
        }
	utils.RecordEvent(ctx, r.EventRecorder, slice, nil, ossEvents.EventNetPolAdded, "slice_reconciler")
	log.Info("Installed netpol for namespace successfully", "namespace", appNsObj.ObjectMeta.Name)
}

In the installSliceNetworkPolicyInAppNs method we are updating the resource in each reconciliation interval, Instead we can get the actual resource if it not found then we can create it else we can compare it with the constructed resource and update it if it not equal. This line log.Info("Updated network policy", "namespace", appNs) can be called when there is an update.

👀 Have you spent some time to check if this issue has been raised before?

• I checked and didn't find any similar issue

Code of Conduct

• I agree to follow this project's Code of Conduct

[BhavyaBh289]

I am interested in solving this issue and as a beginner can you guide me to solve this bug.

[narmidm]

sure @BhavyaBh289. I have assigned this issue to you. Let us know @BhavyaBh289, if you need any help with this issue or you can connect directly with @Rahul-D78 for any discussion on slack channel.

[BhavyaBh289]

How Do I start solving this bug and from Where can i get details for the Above And which will be good place to start this ?

[narmidm]

@BhavyaBh289 we can start discussion about the issue. If you are not in slack channel & ping @Rahul-D78 - https://kubernetes.slack.com/team/U023ELMEKM4 he will help you out.

[Rahul-D78]

Hey @BhavyaBh289 first you need to deploy kubeslice on your local cluster. You can refer the official doc page for the installation https://kubeslice.io/documentation/open-source/1.3.0/category/prerequisites
https://kubeslice.io/documentation/open-source/1.3.0/category/install-kubeslice/

Then you can create a slice and you have to made changes in the https://github.com/kubeslice/worker-operator/blob/master/controllers/slice/namespaces.go file.

[chetak123]

Hey @BhavyaBh289 are you still working on the issue ?