The current Sandbox Claim controller logic creates a lot of unneeded calls for Network Policy:
- Always deletes Network Policy object if
template == nil || template.Spec.NetworkPolicy == nil. Even if object doesn't exists
- Always tries to update/create Network Policy if template.Spec.NetworkPolicy is defined.
How to solve?
- We can consider adding cache for network policy
- Compare expected Policy against cached object. Update only when there is discrepancy between states
- Probably we want to limit cache only to Policies related to Sandbox Controller
Why we need to solve it?
Claim reconciliation has Network Policy reconciliation in the Sandbox adoption path. It impact Sandbox adoption latency and throughput
The current Sandbox Claim controller logic creates a lot of unneeded calls for Network Policy:
template == nil || template.Spec.NetworkPolicy == nil. Even if object doesn't existsHow to solve?
Why we need to solve it?
Claim reconciliation has Network Policy reconciliation in the Sandbox adoption path. It impact Sandbox adoption latency and throughput