fix(cert-manager): exclude CRDs from cache to avoid excessive memory …
…usage (keptn#2258)

Signed-off-by: Florian Bacher <[email protected]>
bacherfl authored Oct 11, 2023
1 parent e89ea71 commit 5176a4c
Showing 2 changed files with 29 additions and 1 deletion.
Expand Up @@ -90,21 +90,38 @@ func (r *KeptnWebhookCertificateReconciler) Reconcile(ctx context.Context, reque
r.Log.Info("reconciling webhook certificates",
"namespace", request.Namespace, "name", request.Name)

r.Log.Info("Retrieving MutatingWebhooks")
mutatingWebhookConfigurations, err := r.ResourceRetriever.GetMutatingWebhooks(ctx)
if err != nil {
r.Log.Error(err, "could not find mutating webhook configuration")
}
r.Log.Info(
"Found MutatingWebhooks to inject certificates",
"numberOfItems", len(mutatingWebhookConfigurations.Items),
"byteSize", mutatingWebhookConfigurations.Size(),
)

r.Log.Info("Retrieving ValidatingWebhooks")
validatingWebhookConfigurations, err := r.ResourceRetriever.GetValidatingWebhooks(ctx)
if err != nil {
r.Log.Error(err, "could not find validating webhook configuration")
}
r.Log.Info(
"Found ValidatingWebhooks to inject certificates",
"numberOfItems", len(validatingWebhookConfigurations.Items),
"byteSize", validatingWebhookConfigurations.Size(),
)

r.Log.Info("Retrieving CRDs")
crds, err := r.ResourceRetriever.GetCRDs(ctx)
if err != nil {
r.Log.Error(err, "could not find CRDs")
}

r.Log.Info(
"Found CRDs to inject certificates",
"numberOfItems", len(crds.Items),
"byteSize", crds.Size(),
)
certSecret := newCertificateSecret(r.Client)

if err := r.setCertificates(ctx, certSecret); err != nil {
Expand Down Expand Up @@ -240,6 +257,11 @@ func (r *KeptnWebhookCertificateReconciler) updateCRDConfiguration(ctx context.C
return nil
}

r.Log.Info(
"Found conversion webhook in CRD, updating client certificate",
"crd", crdName,
)

// update crd
crd.Spec.Conversion.Webhook.ClientConfig.CABundle = bundle
if err := r.Client.Update(ctx, &crd); err != nil {
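Review bot: The new "Found …" log calls in Reconcile dereference `mutatingWebhookConfigurations`, `validatingWebhookConfigurations` and `crds` immediately after error branches that only log and fall through. If any of the ResourceRetriever getters returns a nil list together with its error (their implementation is not visible on this page), `len(x.Items)` and `x.Size()` will panic, and the controller that injects webhook CA bundles would crash instead of retrying. Either return from the error branch or guard each log, for example `if mutatingWebhookConfigurations != nil { r.Log.Info("Found MutatingWebhooks to inject certificates", ...) }`, and likewise for the other two. Reconcile's body starts and continues outside the hunk.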
6 changes: 6 additions & 0 deletions klt-cert-manager/main.go
Expand Up @@ -15,6 +15,7 @@ import (
_ "k8s.io/client-go/plugin/pkg/client/auth"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/cache"
ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/healthz"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
Expand Down Expand Up @@ -89,6 +90,11 @@ func main() {
// if you are doing or is intended to do any operation such as perform cleanups
// after the manager stops then its usage might be unsafe.
// LeaderElectionReleaseOnCancel: true,
Client: ctrlclient.Options{
Cache: &ctrlclient.CacheOptions{
DisableFor: []ctrlclient.Object{&apiv1.CustomResourceDefinition{}},
},
},
})
if err != nil {
setupLog.Error(err, "unable to start manager")
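Review bot: The `DisableFor` entry added to the manager options in main() has no comment saying why CustomResourceDefinition is singled out, so a later cleanup could remove it and bring back the memory problem named in the commit title. I would add `// Read CRDs uncached: caching them caused excessive memory usage (keptn#2258).` above the `Client:` field. With the cache bypassed, each CRD read by the reconciler presumably becomes a live API request, so it is worth confirming that GetCRDs filters server-side (for example by label selector) rather than listing every CRD; that code is not visible here. main()'s body continues outside the hunk.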