Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

perf(kuma-cp) cached client for fetching secrets on k8s #1393

Merged
merged 3 commits into from
Jan 7, 2021
Merged

perf(kuma-cp) cached client for fetching secrets on k8s #1393

merged 3 commits into from
Jan 7, 2021

Conversation

jakubdyszkiewicz
Copy link
Contributor

Summary

See the explanation in the comment of the code. We used non-cached client for Secrets on Kubernetes because we could not use the regular cached client in ControllerManager. This was ok until we introduced Secrets into reconciliation loop (Secrets are taken into account of Mesh Hash, because Secrets are used for TLS settings of External Service).

This change brings a separate cached client for Secrets.

Documentation

  • No docs.

@jakubdyszkiewicz jakubdyszkiewicz requested a review from a team as a code owner January 7, 2021 14:08
bartsmykla
bartsmykla approved these changes Jan 7, 2021
View reviewed changes
pkg/plugins/bootstrap/k8s/plugin.go
Comment on lines +97 to +103
err = kubeCache.IndexField(context.Background(), &kube_core.Secret{}, "type", func(object kube_runtime.Object) []string {
secret := object.(*kube_core.Secret)
return []string{string(secret.Type)}
})
if err != nil {
return nil, errors.Wrap(err, "could not add index of Secret cache by field 'type'")
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not:

Suggested change
err = kubeCache.IndexField(context.Background(), &kube_core.Secret{}, "type", func(object kube_runtime.Object) []string {
secret := object.(*kube_core.Secret)
return []string{string(secret.Type)}
})
if err != nil {
return nil, errors.Wrap(err, "could not add index of Secret cache by field 'type'")
}
if err := kubeCache.IndexField(context.Background(), &kube_core.Secret{}, "type", func(object kube_runtime.Object) []string {
secret := object.(*kube_core.Secret)
return []string{string(secret.Type)}
}); err != nil {
return nil, errors.Wrap(err, "could not add index of Secret cache by field 'type'")
}

Copy link
Contributor

@bartsmykla bartsmykla Jan 7, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(just a nit)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's less redable for me. I don't use if err := exp(); err != nil { when exp() is multiline.

@jakubdyszkiewicz
pass close channel from run to cache
183e817 
Signed-off-by: Jakub Dyszkiewicz <[email protected]>
lobkovilya
lobkovilya reviewed Jan 7, 2021
View reviewed changes
pkg/plugins/runtime/k8s/plugin.go
@@ -232,9 +232,9 @@ func addValidators(mgr kube_ctrl.Manager, rt core_runtime.Runtime, converter k8s
mgr.GetWebhookServer().Register("/validate-v1-service", &kube_webhook.Admission{Handler: &k8s_webhooks.ServiceValidator{}})
log.Info("Registering a validation webhook for v1/Service", "path", "/validate-v1-service")

client, ok := k8s_extensions.FromNonCachedClientContext(rt.Extensions())
client, ok := k8s_extensions.FromSecretClientContext(rt.Extensions())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to receive a request in the SecretValidator webhook which is not for kuma-system namespace?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no

  - name: secret.validator.kuma-admission.kuma.io
    namespaceSelector:
      matchLabels:
        kuma.io/system-namespace: "true"

@jakubdyszkiewicz jakubdyszkiewicz merged commit 04cd0de into master Jan 7, 2021
@jakubdyszkiewicz jakubdyszkiewicz deleted the perf/cached-client-secret-k8s branch January 7, 2021 16:06
mergify bot pushed a commit that referenced this pull request Jan 7, 2021
@jakubdyszkiewicz
perf(kuma-cp) cached client for fetching secrets on k8s (#1393)
58fd79b 
Signed-off-by: Jakub Dyszkiewicz <[email protected]>
(cherry picked from commit 04cd0de)
@mergify mergify bot mentioned this pull request Jan 7, 2021
Merged
nickolaev pushed a commit that referenced this pull request Jan 7, 2021
@mergify @jakubdyszkiewicz
perf(kuma-cp) cached client for fetching secrets on k8s (#1393) (#1395)
c6e3aa5 
Signed-off-by: Jakub Dyszkiewicz <[email protected]>
(cherry picked from commit 04cd0de)

Co-authored-by: Jakub Dyszkiewicz <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lobkovilya lobkovilya lobkovilya approved these changes

@bartsmykla bartsmykla bartsmykla approved these changes

@nickolaev nickolaev nickolaev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jakubdyszkiewicz @nickolaev @bartsmykla @lobkovilya