Fix generation increments on operator tick (#86)

Only update deployments / statefulsets if something meaningful has
changed - IE the resource spec or its configuration.

Each tick of the operator is causing higher order kube resources -
deployments and stateful sets - to increment their generation. The
operator unconditionally applies an update against the resource on
each tick - even when nothing about the actual and desired state has
changed.

This is mostly fine, but it occasionally - when using something like
prometheus - causes monitors fail indicating that the deployment or
stateful set has failed a rollout because the generations don't match 
-- IE a race condition between scrape time and the update.

Author: indiebrain

CHANGELOG.md

@@ -9,6 +9,9 @@ Also check this project's [releases](https://github.com/powerhome/redis-operator
 
 ## Unreleased
 
+### Fixed
+- [Fix unnecessary kube deployment and statefulset generation increment on operator tick](https://github.com/powerhome/redis-operator/pull/86)
+
 ## [v4.4.0] - 2025-12-19
 
 ### Changed

operator/redisfailover/service/client.go

@@ -1,7 +1,12 @@
 package service
 
 import (
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
 	"fmt"
+
+	appsv1 "k8s.io/api/apps/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
@@ -143,12 +148,59 @@ func (r *RedisFailoverKubeClient) EnsureHAProxyRedisMasterDeployment(rf *redisfa
 	}
 	d.Spec.Template.Annotations[haproxyConfigChecksumAnnotationKey] = digest
 
+	// Compute a digest of the desired spec and store it on the
+	// deployment's metadata annotations. On each reconcile we
+	// re-generate the desired spec, re-hash it, and compare
+	// against the stored annotation — comparison is O(1). This
+	// also automatically catches any future additions to
+	// generateHAProxyRedisMasterDeployment without needing manual
+	// updates here.
+	specDigest, specErr := specDigest(d.Spec)
+	if specErr != nil {
+		return fmt.Errorf("EnsureHAProxyRedisMasterDeployment failed to compute spec digest: %w", specErr)
+	}
+	if existing, getErr := r.K8SService.GetDeployment(rf.Namespace, d.Name); getErr == nil {
+		if existing.Annotations[haproxyDeploymentSpecChecksumKey] == specDigest {
+			return nil
+		}
+	}
+	if d.Annotations == nil {
+		d.Annotations = make(map[string]string)
+	}
+	d.Annotations[haproxyDeploymentSpecChecksumKey] = specDigest
+
 	err = r.K8SService.CreateOrUpdateDeployment(rf.Namespace, d)
 
 	r.setEnsureOperationMetrics(d.Namespace, d.Name, "EnsureHAProxyRedisMasterDeployment", rf.Name, err)
 	return err
 }
 
+// specDigest returns a stable SHA-256 hex digest of any resource Spec
+// value. encoding/json marshals struct fields in declaration order
+// and map keys in sorted order (since Go 1.12), so the output is
+// deterministic for a given input. managedSpec is a type constraint
+// that enumerates the Kubernetes resource spec structs whose digests
+// the operator tracks. Listing types expelicitly here means:
+//
+//   - the compiler rejects any accidental wrong-type call site - nil
+//   can never be passed (struct types are not nilable)
+//
+//   - adding a new Ensure* method for a new resource type requires
+//   updating this list, which serves as a forcing function to
+//   remember to add the skip-update guard too
+type managedSpec interface {
+	appsv1.DeploymentSpec | appsv1.StatefulSetSpec
+}
+
+func specDigest[T managedSpec](spec T) (string, error) {
+	data, err := json.Marshal(spec)
+	if err != nil {
+		return "", err
+	}
+	sum := sha256.Sum256(data)
+	return hex.EncodeToString(sum[:]), nil
+}
+
 // EnsureSentinelService makes sure the sentinel service exists
 func (r *RedisFailoverKubeClient) EnsureSentinelService(rf *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error {
 	svc := generateSentinelService(rf, labels, ownerRefs)
@@ -173,8 +225,22 @@ func (r *RedisFailoverKubeClient) EnsureSentinelDeployment(rf *redisfailoverv1.R
 		}
 	}
 	d := generateSentinelDeployment(rf, labels, ownerRefs)
-	err := r.K8SService.CreateOrUpdateDeployment(rf.Namespace, d)
 
+	digest, err := specDigest(d.Spec)
+	if err != nil {
+		return fmt.Errorf("EnsureSentinelDeployment failed to compute spec digest: %w", err)
+	}
+	if existing, getErr := r.K8SService.GetDeployment(rf.Namespace, d.Name); getErr == nil {
+		if existing.Annotations[sentinelDeploymentSpecChecksumKey] == digest {
+			return nil
+		}
+	}
+	if d.Annotations == nil {
+		d.Annotations = make(map[string]string)
+	}
+	d.Annotations[sentinelDeploymentSpecChecksumKey] = digest
+
+	err = r.K8SService.CreateOrUpdateDeployment(rf.Namespace, d)
 	r.setEnsureOperationMetrics(d.Namespace, d.Name, "Deployment", rf.Name, err)
 	return err
 }
@@ -300,8 +366,22 @@ func (r *RedisFailoverKubeClient) EnsureRedisStatefulset(rf *redisfailoverv1.Red
 		}
 	}
 	ss := generateRedisStatefulSet(rf, labels, ownerRefs)
-	err := r.K8SService.CreateOrUpdateStatefulSet(rf.Namespace, ss)
 
+	digest, err := specDigest(ss.Spec)
+	if err != nil {
+		return fmt.Errorf("EnsureRedisStatefulset failed to compute spec digest: %w", err)
+	}
+	if existing, getErr := r.K8SService.GetStatefulSet(rf.Namespace, ss.Name); getErr == nil {
+		if existing.Annotations[redisStatefulSetSpecChecksumKey] == digest {
+			return nil
+		}
+	}
+	if ss.Annotations == nil {
+		ss.Annotations = make(map[string]string)
+	}
+	ss.Annotations[redisStatefulSetSpecChecksumKey] = digest
+
+	err = r.K8SService.CreateOrUpdateStatefulSet(rf.Namespace, ss)
 	r.setEnsureOperationMetrics(ss.Namespace, ss.Name, "StatefulSet", rf.Name, err)
 	return err
 }

operator/redisfailover/service/constants.go

@@ -41,4 +41,7 @@ const (
 
 const (
 	haproxyConfigChecksumAnnotationKey = "checksum/haproxy-cfg"
+	haproxyDeploymentSpecChecksumKey   = "checksum/haproxy-deployment-spec"
+	sentinelDeploymentSpecChecksumKey  = "checksum/sentinel-deployment-spec"
+	redisStatefulSetSpecChecksumKey    = "checksum/redis-statefulset-spec"
 )