fix the bug that evenhanlder ignores the update per sync-period #3280
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue
#3264
#2800
#2515
Description
Currently, there is a conflict between the controller runtime flag
--sync-period
, which is to force reconcile every fix interval, and the eventhandlers, which are to avoid unnecessary reconciles to optimize the AWS API usage. When the controller runtime sends an update event to the eventhandler per interval in--sync-period
, the eventhandler will ignore the update event if there is no difference in the annotations/specs of the ingress or service. Therefore, if the end users made some manual modification to the resources managed by the controller as mentioned in the issues above, the controller could not revert since it does not reconcile under this situation.We fix the bug by leveraging k8s resourceVersions -
However, as the best practice, we do not recommend manual modification, nor should the users depend on the controller auto-reconciliation to heal the resources they changed, or to mitigate any security risks. Since no matter how frequent the controller reconciles, there should always be a gap.
Test
alb.ingress.kubernetes.io/wafv2-acl-arn
, verified the waf acl got associated to the provisioned ALB. Then removed the waf acl from the ALB via console, verified the controller will re-associalte the waf acl to the ALB.Checklist
README.md
, or thedocs
directory)BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯