Commits on Apr 25, 2023

1. Suppress caching of Secrets and ConfigMaps …

   As explained in
   kubernetes-sigs/controller-runtime#1249, the
   controller-runtime client will tend to use LIST and WATCH to cache
   resources requested by the controller. This has two downsides:
   
    - the mechanism may require broad RBAC access (Secret and ConfigMap
      in every namespace) even if the actual secrets and configmaps
      referenced are few, or restricted to few namespaces;
    - the cache uses a lot of memory that it doesn't really need to
   
   This change fixes those problems, with the trade-off that all Secret
   and ConfigMap requests use a round-trip to the Kubernetes API server.
   
   This follows
   fluxcd/source-controller#989. There, a feature
   flag can be used to restore caching for Secrets and ConfigMaps; I have
   not included the feature flag, since this controller is much younger
   and doesn't have an established behaviour.
   
   Signed-off-by: Michael Bridgen <[email protected]>

   

   squaremo committed Apr 25, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for 943be32
   • Browse repository at this point

   Copy the full SHA

   943be32 View commit details

   Browse the repository at this point in the history

2. Remove watch Secret from RBAC role …

   One consequence of disabling caching for Secret resources, as in the
   previous commit, is that `watch` permission for those is no longer
   required.
   
   Signed-off-by: Michael Bridgen <[email protected]>

   

   squaremo committed Apr 25, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for e2ff348
   • Browse repository at this point

   Copy the full SHA

   e2ff348 View commit details

   Browse the repository at this point in the history