fix: skip pods in succeeded or failed phase

aramase · aramase · commit 3e2c6d577b0c · 2020-11-17T09:34:47.000-08:00
diff --git a/controllers/secretproviderclasspodstatus_controller.go b/controllers/secretproviderclasspodstatus_controller.go
@@ -219,9 +219,11 @@ func (r *SecretProviderClassPodStatusReconciler) Reconcile(req ctrl.Request) (ct
 		}
 		return ctrl.Result{}, err
 	}
-	// pod is being terminated so don't reconcile
-	if !pod.GetDeletionTimestamp().IsZero() {
-		klog.InfoS("pod is being terminated, skipping reconcile", "pod", klog.KObj(pod))
+	// skip reconcile if the pod is being terminated
+	// or the pod is in succeeded state (for jobs that complete aren't gc yet)
+	// or the pod is in a failed state (all containers get terminated)
+	if !pod.GetDeletionTimestamp().IsZero() || pod.Status.Phase == v1.PodSucceeded || pod.Status.Phase == v1.PodFailed {
+		klog.V(5).InfoS("pod is being terminated, skipping reconcile", "pod", klog.KObj(pod))
 		return ctrl.Result{}, nil
 	}
 
diff --git a/pkg/rotation/reconciler.go b/pkg/rotation/reconciler.go
@@ -179,10 +179,12 @@ func (r *Reconciler) reconcile(ctx context.Context, spcps *v1alpha1.SecretProvid
 		errorReason = internalerrors.PodNotFound
 		return fmt.Errorf("failed to get pod %s/%s, err: %+v", podNamespace, podName, err)
 	}
-	// if the pod is being terminated, then skip rotation
+	// skip rotation if the pod is being terminated
+	// or the pod is in succeeded state (for jobs that complete aren't gc yet)
+	// or the pod is in a failed state (all containers get terminated).
 	// the spcps will be gc when the pod is deleted and will not show up in the next rotation cycle
-	if !pod.GetDeletionTimestamp().IsZero() {
-		klog.InfoS("pod is being terminated, skipping rotation", "pod", klog.KObj(pod))
+	if !pod.GetDeletionTimestamp().IsZero() || pod.Status.Phase == v1.PodSucceeded || pod.Status.Phase == v1.PodFailed {
+		klog.V(5).InfoS("pod is being terminated, skipping rotation", "pod", klog.KObj(pod))
 		return nil
 	}
 
diff --git a/pkg/rotation/reconciler_test.go b/pkg/rotation/reconciler_test.go
@@ -607,6 +607,18 @@ func TestReconcileNoError(t *testing.T) {
 
 	err = testReconciler.reconcile(context.TODO(), secretProviderClassPodStatusToProcess)
 	g.Expect(err).NotTo(HaveOccurred())
+
+	// test with pod being in succeeded phase
+	podToAdd.DeletionTimestamp = nil
+	podToAdd.Status.Phase = v1.PodSucceeded
+	kubeClient = fake.NewSimpleClientset(podToAdd, secretToAdd)
+	testReconciler, err = newTestReconciler(scheme, kubeClient, crdClient, ctrlClient, 60*time.Second, socketPath)
+	g.Expect(err).NotTo(HaveOccurred())
+	err = testReconciler.store.Run(wait.NeverStop)
+	g.Expect(err).NotTo(HaveOccurred())
+
+	err = testReconciler.reconcile(context.TODO(), secretProviderClassPodStatusToProcess)
+	g.Expect(err).NotTo(HaveOccurred())
 }
 
 func TestPatchSecret(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -219,9 +219,11 @@ func (r *SecretProviderClassPodStatusReconciler) Reconcile(req ctrl.Request) (ct`
`219`	`219`	`}`
`220`	`220`	`return ctrl.Result{}, err`
`221`	`221`	`}`
`222`		`- // pod is being terminated so don't reconcile`
`223`		`- if !pod.GetDeletionTimestamp().IsZero() {`
`224`		`- klog.InfoS("pod is being terminated, skipping reconcile", "pod", klog.KObj(pod))`
	`222`	`+ // skip reconcile if the pod is being terminated`
	`223`	`+ // or the pod is in succeeded state (for jobs that complete aren't gc yet)`
	`224`	`+ // or the pod is in a failed state (all containers get terminated)`
	`225`	`+ if !pod.GetDeletionTimestamp().IsZero() \|\| pod.Status.Phase == v1.PodSucceeded \|\| pod.Status.Phase == v1.PodFailed {`
	`226`	`+ klog.V(5).InfoS("pod is being terminated, skipping reconcile", "pod", klog.KObj(pod))`
`225`	`227`	`return ctrl.Result{}, nil`
`226`	`228`	`}`
`227`	`229`