Open kravciak opened 11 months ago
kravciak
commented
11 months ago As discussed on daily it might be fixed by observing state PolicyUniquelyReachable instead of PolicyActive
Values are described in https://github.com/kubewarden/kubewarden-controller/blob/3e2246abe21a1613406394351b2b073992a37d04/pkg/apis/policies/v1/policy.go#L54
Sample from command line:
~ k wait clusteradmissionpolicy --for=condition=PolicyUniquelyReachable no-privileged-pod
jordojordo
commented
11 months ago Changing the status to search for a PolicyUniquelyReachable condition causes some messy behavior which could be confusing.
When one policy is not uniquely reachable, all other policies with a related PolicyServer are considered not reachable as well since the PS pod is updating all of the policies. However, all of the policies that are then showing as not reachable are in fact still working and active.
Perhaps a good alternative here would be to show a transitioning icon or equivalent next to the status?
Policy creation
https://github.com/rancher/kubewarden-ui/assets/40806497/59c4d9d8-f696-4c2f-b73e-71918bc899d5
Policy mode update
https://github.com/rancher/kubewarden-ui/assets/40806497/c8cdf885-4c72-4cb8-bbc8-eda51f2113d3
Policy deletion
https://github.com/rancher/kubewarden-ui/assets/40806497/bb78163f-5262-4de0-8264-20b68b0dd0c3
When I modify policy config policyserver is restarted. Only after that changes are applied to the cluster. UI does not reflect this transition period, for example when updating mode policy is immediatelly
ActiveandProtectbut change are not in effect yet. Same applies to other modifications, for example module updates.When I make errors in configuration it's not obvious that changes were not applied and old policyserver stays active.
Screencast from 2023-11-14 14-17-06.webm