Open
Description
Report
The current implementation of the HTTPScaledObject reconciler is not following the best practices for a K8s Operator.
Expected Behavior
- It should only update resources when needed.
- It should not delete resources if there was an error on the reconciliation loop.
- It should only have access to the least amount of K8s resources required for it to do its job.
- It should not reconcile resources outside the reconciliation loop.
- It should try to self-heal whenever possible.
Actual Behavior
- It perform a patch operation every single reconciliation loop, no checks are performed to verify a patch is indeed required.
- If the creation or update of an internal ScaledObject fails for some reason, even when the operation was not required in the first place, the controller deletes the resource and this may cause an outage.
- Right now, the service account of the controller has full access to all Pods, Deployments, and Ingresses. But these are not required for the HTTP Add-On to work and may pose a security risk.
- The routing table ConfigMap existence is being checked on the main function, outside of the reconciliation loop, and is only performed once, when the controller starts.
- The controller doesn't try create a ConfigMap for the routing table if it doesn't exist and fail the entire controller when that happens.
Steps to Reproduce the Problem
N/A
Logs from KEDA HTTP operator
N/A
What version of the KEDA HTTP Add-on are you running?
0.4.0
Kubernetes Version
1.24
Platform
Microsoft Azure
Anything else?
No response
Metadata
Metadata
Assignees
Labels
Type
Projects
Status
To Triage