Sets policy as isPolicyUniqueReachable when the latest policy pod is …

…ready. Updates the code used to check if a policy is unique reachable only when the pods from the last policy server deployment replicaset are ready.
kubewarden · Apr 5, 2022 · e46c266 · e46c266
1 parent f78efe8
commit e46c266
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 5 deletions.
diff --git a/controllers/policy_utils.go b/controllers/policy_utils.go
@@ -140,8 +140,8 @@ func reconcilePolicy(ctx context.Context, client client.Client, reconciler admis
 			Message: "The latest replica set is uniquely reachable",
 		},
 	)
-	policy.SetStatus(v1alpha2.PolicyStatusActive)
 
+	policy.SetStatus(v1alpha2.PolicyStatusActive)
 	return ctrl.Result{}, nil
 }
 

diff --git a/controllers/policystatus_utils.go b/controllers/policystatus_utils.go
@@ -80,14 +80,20 @@ func SetPolicyConfigurationCondition(policyServerConfigMap *corev1.ConfigMap, po
 	}
 }
 
+func isLatestReplicaSetFromPolicyServerDeployment(replicaSet *appsv1.ReplicaSet, policyServerDeployment *appsv1.Deployment) bool {
+	return replicaSet.Annotations[constants.KubernetesRevisionAnnotation] == policyServerDeployment.Annotations[constants.KubernetesRevisionAnnotation] &&
+		replicaSet.Annotations[constants.PolicyServerDeploymentConfigVersionAnnotation] == policyServerDeployment.Annotations[constants.PolicyServerDeploymentConfigVersionAnnotation]
+
+}
+
 func isPolicyUniquelyReachable(ctx context.Context, apiReader client.Reader, policyServerDeployment *appsv1.Deployment) bool {
 	replicaSets := appsv1.ReplicaSetList{}
-	if err := apiReader.List(ctx, &replicaSets, client.InNamespace(policyServerDeployment.Namespace)); err != nil {
+	if err := apiReader.List(ctx, &replicaSets, client.MatchingLabels{constants.PolicyServerLabelKey: policyServerDeployment.Labels[constants.PolicyServerLabelKey]}); err != nil {
 		return false
 	}
 	podTemplateHash := ""
 	for _, replicaSet := range replicaSets.Items {
-		if replicaSet.Annotations[constants.PolicyServerDeploymentConfigVersionAnnotation] == policyServerDeployment.Annotations[constants.PolicyServerDeploymentConfigVersionAnnotation] {
+		if isLatestReplicaSetFromPolicyServerDeployment(&replicaSet, policyServerDeployment) {
 			podTemplateHash = replicaSet.Labels[appsv1.DefaultDeploymentUniqueLabelKey]
 			break
 		}
@@ -96,7 +102,7 @@ func isPolicyUniquelyReachable(ctx context.Context, apiReader client.Reader, pol
 		return false
 	}
 	pods := corev1.PodList{}
-	if err := apiReader.List(ctx, &pods, client.InNamespace(policyServerDeployment.Namespace)); err != nil {
+	if err := apiReader.List(ctx, &pods, client.MatchingLabels{constants.PolicyServerLabelKey: policyServerDeployment.Labels[constants.PolicyServerLabelKey]}); err != nil {
 		return false
 	}
 	if len(pods.Items) == 0 {
@@ -110,7 +116,6 @@ func isPolicyUniquelyReachable(ctx context.Context, apiReader client.Reader, pol
 			return false
 		}
 	}
-
 	return true
 }
 

diff --git a/internal/pkg/constants/constants.go b/internal/pkg/constants/constants.go
@@ -44,4 +44,7 @@ const (
 
 	// Finalizers
 	KubewardenFinalizer = "kubewarden"
+
+	// Kubernetes
+	KubernetesRevisionAnnotation = "deployment.kubernetes.io/revision"
 )