patch status instead of update

loft-sh · Feb 14, 2025 · 55d32f2 · 55d32f2
1 parent eea94e2
commit 55d32f2
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 45 deletions.
diff --git a/pkg/controllers/resources/pods/syncer.go b/pkg/controllers/resources/pods/syncer.go
@@ -256,6 +256,7 @@ func (s *podSyncer) Sync(ctx *synccontext.SyncContext, event *synccontext.SyncEv
 	var (
 		err error
 	)
+
 	// should pod get deleted?
 	if event.Host.DeletionTimestamp != nil {
 		if event.Virtual.DeletionTimestamp == nil {
@@ -300,53 +301,55 @@ func (s *podSyncer) Sync(ctx *synccontext.SyncContext, event *synccontext.SyncEv
 		})
 	}
 
-	// make sure node exists for pod
-	if event.Host.Spec.NodeName != "" {
-		requeue, err := s.ensureNode(ctx, event.Host, event.Virtual)
-		if kerrors.IsConflict(err) {
-			ctx.Log.Debugf("conflict binding virtual pod %s/%s", event.Virtual.Namespace, event.Virtual.Name)
-			return ctrl.Result{Requeue: true}, nil
-		} else if err != nil {
-			return ctrl.Result{}, err
-		} else if requeue {
-			return ctrl.Result{Requeue: true}, nil
+	if event.Host.DeletionTimestamp == nil {
+		// make sure node exists for pod
+		if event.Host.Spec.NodeName != "" {
+			requeue, err := s.ensureNode(ctx, event.Host, event.Virtual)
+			if kerrors.IsConflict(err) {
+				ctx.Log.Debugf("conflict binding virtual pod %s/%s", event.Virtual.Namespace, event.Virtual.Name)
+				return ctrl.Result{Requeue: true}, nil
+			} else if err != nil {
+				return ctrl.Result{}, err
+			} else if requeue {
+				return ctrl.Result{Requeue: true}, nil
+			}
+		} else if event.Host.Spec.NodeName != "" && event.Virtual.Spec.NodeName != "" && event.Host.Spec.NodeName != event.Virtual.Spec.NodeName {
+			// if physical pod nodeName is different from virtual pod nodeName, we delete the virtual one
+			return patcher.DeleteVirtualObjectWithOptions(ctx, event.Virtual, event.Host, "node name is different between the two", &client.DeleteOptions{GracePeriodSeconds: &minimumGracePeriodInSeconds})
+		}
+
+		if s.fakeKubeletIPs && event.Host.Status.HostIP != "" {
+			err = s.rewriteFakeHostIPAddresses(ctx, event.Host)
+			if err != nil {
+				return ctrl.Result{}, err
+			}
+		}
+
+		// validate virtual pod before syncing it to the host cluster
+		if s.podSecurityStandard != "" {
+			valid, err := s.isPodSecurityStandardsValid(ctx, event.Virtual, ctx.Log)
+			if err != nil {
+				return ctrl.Result{}, err
+			} else if !valid {
+				return ctrl.Result{}, nil
+			}
 		}
-	} else if event.Host.Spec.NodeName != "" && event.Virtual.Spec.NodeName != "" && event.Host.Spec.NodeName != event.Virtual.Spec.NodeName {
-		// if physical pod nodeName is different from virtual pod nodeName, we delete the virtual one
-		return patcher.DeleteVirtualObjectWithOptions(ctx, event.Virtual, event.Host, "node name is different between the two", &client.DeleteOptions{GracePeriodSeconds: &minimumGracePeriodInSeconds})
-	}
 
-	if s.fakeKubeletIPs && event.Host.Status.HostIP != "" {
-		err = s.rewriteFakeHostIPAddresses(ctx, event.Host)
+		// sync ephemeral containers
+		synced, err := s.syncEphemeralContainers(ctx, s.physicalClusterClient, event.Host, event.Virtual)
 		if err != nil {
-			return ctrl.Result{}, err
+			return ctrl.Result{}, fmt.Errorf("sync ephemeral containers: %w", err)
+		} else if synced {
+			return ctrl.Result{Requeue: true}, nil
 		}
-	}
 
-	// validate virtual pod before syncing it to the host cluster
-	if s.podSecurityStandard != "" {
-		valid, err := s.isPodSecurityStandardsValid(ctx, event.Virtual, ctx.Log)
+		// set pod owner as sa token
+		err = setSATokenSecretAsOwner(ctx, ctx.PhysicalClient, event.Virtual, event.Host)
 		if err != nil {
 			return ctrl.Result{}, err
-		} else if !valid {
-			return ctrl.Result{}, nil
 		}
 	}
 
-	// sync ephemeral containers
-	synced, err := s.syncEphemeralContainers(ctx, s.physicalClusterClient, event.Host, event.Virtual)
-	if err != nil {
-		return ctrl.Result{}, fmt.Errorf("sync ephemeral containers: %w", err)
-	} else if synced {
-		return ctrl.Result{Requeue: true}, nil
-	}
-
-	// set pod owner as sa token
-	err = setSATokenSecretAsOwner(ctx, ctx.PhysicalClient, event.Virtual, event.Host)
-	if err != nil {
-		return ctrl.Result{}, err
-	}
-
 	// patch objects
 	patch, err := patcher.NewSyncerPatcher(ctx, event.Host, event.Virtual, patcher.TranslatePatches(ctx.Config.Sync.ToHost.Pods.Patches, false))
 	if err != nil {

diff --git a/pkg/controllers/resources/pods/translate/diff.go b/pkg/controllers/resources/pods/translate/diff.go
@@ -13,25 +13,29 @@ import (
 )
 
 func (t *translator) Diff(ctx *synccontext.SyncContext, event *synccontext.SyncEvent[*corev1.Pod]) error {
-
 	// ignore the QOSClass field while updating pod status when there is a
 	// mismatch in this field value on vcluster and host. This field
 	// has become immutable from k8s 1.32 version and patch fails if
 	// syncer tries to update this field.
 	event.Host.Status.QOSClass = event.VirtualOld.Status.QOSClass
 
-	// sync conditions
-	event.Virtual.Status.Conditions, event.Host.Status.Conditions = patcher.CopyBidirectional(
-		event.VirtualOld.Status.Conditions,
-		event.Virtual.Status.Conditions,
-		event.HostOld.Status.Conditions,
-		event.Host.Status.Conditions,
-	)
+	// sync bidirectional only when host is not being deleted, else just copy status from host
+	// to virtual
+	if event.Host.DeletionTimestamp == nil {
+		// sync conditions
+		event.Virtual.Status.Conditions, event.Host.Status.Conditions = patcher.CopyBidirectional(
+			event.VirtualOld.Status.Conditions,
+			event.Virtual.Status.Conditions,
+			event.HostOld.Status.Conditions,
+			event.Host.Status.Conditions,
+		)
+	}
 
 	// has status changed?
 	vPod := event.Virtual
 	pPod := event.Host
 	vPod.Status = *pPod.Status.DeepCopy()
+
 	stripInjectedSidecarContainers(vPod, pPod)
 
 	// get Namespace resource in order to have access to its labels