🌱Add watch for ClusterResourceSet resources #3410
Conversation
k8s-ci-robot
added
do-not-merge/work-in-progress
k8s-ci-robot
added
the
size/L
sedefsavas
force-pushed
the
resource_watch
branch
from
c2e8be0 to
864545c
Compare
|
Although there is no creation/update of Secrets, resourceToClusterResourceSet() is contantly getting triggered. There should be something I am missing in predicates. |
|
/assign |
|
|
||
| for _, crs := range crsList.Items { | ||
| for _, resource := range crs.Spec.Resources { | ||
| if resource.Kind == o.Object.GetObjectKind().GroupVersionKind().Kind && crs.Name == o.Meta.GetName() { |
There was a problem hiding this comment.
Technically we should be checking on both Group and Kind, as someone could create a foo.io/v123 Secret or ConfigMap.
There was a problem hiding this comment.
Do we need to worry about core vs empty group equivalency here when comparing the group, though? I think core types are probably the one exception where it might be ok to avoid checking group.
There was a problem hiding this comment.
I'm suggesting we worry about ensuring group="",Kind="Secret" and not matching on group="foo.io",Kind="Secret" - wouldn't that make sense?
There was a problem hiding this comment.
Do we need to worry about also testing for group == "core" in addition to group == "" ?
There was a problem hiding this comment.
No - despite being known as the core group, the only valid value for that group is ""
There was a problem hiding this comment.
If we store the runtime.Scheme on r (ClusterResourceSetReconciler), you should be able to use apiutil.GVKForObject
There was a problem hiding this comment.
It was originally there but I had Sedef remove it because we weren't using it 😄. Would it make more sense to do the func-that-returns-a-func approach so we don't have to do a lookup every time?
There was a problem hiding this comment.
This is the mapping function's parameter:
func (r *ClusterResourceSetReconciler) resourceToClusterResourceSet(o handler.MapObject) []ctrl.Request {
Cannot reach o's Kind.
Edit: page refreshed late. Ignore this, it was before the suggestions.
There was a problem hiding this comment.
Yeah, func createMapFunc(kind schema.GroupKind) func(o handler.MapObject) []ctrl.Request { return func(...) ....}
There was a problem hiding this comment.
We removed the Scheme in the Binding controller, we still have it here, so used that one.
|
I will change the predicates to watch only creation because I see continues ConfigMap updates coming for ConfigMaps like: capi-kubeadm-bootstrap-system, cert-manager-cainjector-leader-election, capv-controller-manager-runtime etc. I need to make sure this is specific to |
|
I would either
|
|
I would not expect the leader election configmap updates to put an overwhelming burden on the system |
|
Correction, our default leaderelection updates are every 2 seconds, and we have multiple leaderelection configmaps, so we should try to mitigate this amount of updates:
|
We provide flags today to change the frequency, we could change those defaults. Should we do this in a separate PR/issue? Do you prefer having this in v0.3.8 or wait for later? |
|
Definitely a separate PR. Maybe an issue too so we can discuss? As for 0.3.8, if we don't make any changes to the lease update frequency, do you have any concerns about watching ConfigMaps? |
|
/retest |
|
Please note: Removed watching for Updates until we fix frequent ConfigMap updates related to leader election. |
sedefsavas
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
|
/retest |
sedefsavas
force-pushed
the
resource_watch
branch
from
e27945d to
07cfd79
Compare
|
/retest |
sedefsavas
force-pushed
the
resource_watch
branch
from
7af5c5b to
493dd36
Compare
sedefsavas
force-pushed
the
resource_watch
branch
from
493dd36 to
8d3fb61
Compare
|
/restest |
1 similar comment
|
/restest |
|
/retest |
|
I think this PR is good to go. |
There was a problem hiding this comment.
/approve
/assign @CecileRobertMichon @detiber
for final lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vincepri The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/lgtm |
k8s-ci-robot
added
the
lgtm
What this PR does / why we need it:
This PR adds watch on ClusterResourceSet resources (ConfigMaps/Secrets), so that for the resources that is missing during
Applywill be reconciled on creation or update of resources.One down side of this is everytime a resource is created/updated, all CRS objects in the same namespace will be reconciled. Although CRS is added as owner of the resources during CRS creation since newly created resources were not there, they will not have owner refs and we cannot use owner references to get only the CRSs that has the created resource.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #3397