@@ -97,13 +97,14 @@ func (r *ReplicatedPolicyReconciler) Reconcile(ctx context.Context, request ctrl
97
97
return reconcile.Result {}, nil
98
98
}
99
99
100
- // do not handle a replicated policy which does not belong to the current cluster
101
100
inClusterNS , err := common .IsInClusterNamespace (r .Client , request .Namespace )
102
101
if err != nil {
103
102
return reconcile.Result {}, err
104
103
}
105
104
106
105
if ! inClusterNS {
106
+ // "Hub of hubs" scenario: this cluster is managed by another cluster,
107
+ // which has the root policy for the policy being reconciled.
107
108
log .V (1 ).Info ("Found a replicated policy in non-cluster namespace, skipping it" )
108
109
109
110
return reconcile.Result {}, nil
@@ -160,6 +161,19 @@ func (r *ReplicatedPolicyReconciler) Reconcile(ctx context.Context, request ctrl
160
161
// an empty decision means the policy should not be replicated
161
162
if decision .Cluster .ClusterName == "" {
162
163
if replicatedExists {
164
+ inClusterNS , err := common .IsInClusterNamespace (r .Client , request .Namespace )
165
+ if err != nil {
166
+ return reconcile.Result {}, err
167
+ }
168
+
169
+ if ! inClusterNS {
170
+ // "Hosted mode" scenario: this cluster is hosting another cluster, which is syncing
171
+ // this policy to a cluster namespace that this propagator doesn't know about.
172
+ log .V (1 ).Info ("Found a possible replicated policy for a hosted cluster, skipping it" )
173
+
174
+ return reconcile.Result {}, nil
175
+ }
176
+
163
177
if err := r .cleanUpReplicated (ctx , replicatedPolicy ); err != nil {
164
178
if ! k8serrors .IsNotFound (err ) {
165
179
log .Error (err , "Failed to remove the replicated policy for this managed cluster, requeueing" )
0 commit comments