Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve listing resources in authorized namespaces #3636

Closed
2 tasks
georgethebeatle opened this issue Nov 27, 2024 · 1 comment
Closed
2 tasks

Improve listing resources in authorized namespaces #3636

georgethebeatle opened this issue Nov 27, 2024 · 1 comment
Assignees
@danail-branekov @georgethebeatle
Labels
chore

Comments

@georgethebeatle
Copy link
Member

georgethebeatle commented Nov 27, 2024
edited
Loading

Background

When listing resources we have established the pattern of

  • listing all namespaces where the user has any role bindings
  • synchronously looping over thos namespaces listing all resources in each namespace

The goal of this pattern is to prevent the listing of resources that the user may not have permissions to see

The problem with this approach is performance - it is suboptimal to do so many requests and the overall time of listing grows linearly with the number of spaces.

Proposal

Use the admin client to do a cluster-wide list as follows:

  • Collect a list of all namespaces where the user has any permissions
  • Using the admin client do a cluster-wide list with label selectors that filter by .metadata.namespace being in the set of authorized namespaces

TODO

  • Add smoke tests for listing all resources with and without permissions
  • Write a ginkgo Measure test for listing apps and run with 1, 10, 100 and 1000 orgs/spaces containing one app
@github-project-automation github-project-automation bot moved this to 🧊 Icebox in Korifi - Backlog Nov 27, 2024
@georgethebeatle georgethebeatle moved this from 🧊 Icebox to 🇪🇺 To do in Korifi - Backlog Nov 27, 2024
@georgethebeatle georgethebeatle moved this from 🇪🇺 To do to 🔄 In progress in Korifi - Backlog Dec 18, 2024
@georgethebeatle georgethebeatle mentioned this issue Dec 20, 2024
Merged
danail-branekov added a commit that referenced this issue Jan 7, 2025
@danail-branekov @georgethebeatle
Smoke tests for listing resources
afae96a 
The tests verify that
* Authorised users can list resources
* Unauthorised users get empty resources list but no error

issue #3636

Co-authored-by: Georgi Sabev <georgethebeatle@gmail.com>
@danail-branekov danail-branekov mentioned this issue Jan 7, 2025
Merged
georgethebeatle added a commit that referenced this issue Jan 7, 2025
@danail-branekov @georgethebeatle
Smoke tests for listing resources
60aaefd 
The tests verify that
* Authorised users can list resources
* Unauthorised users get empty resources list but no error

issue #3636

Co-authored-by: Georgi Sabev <georgethebeatle@gmail.com>
@georgethebeatle
Copy link
Member Author

Here are some performance results with v0.13.0 vs the improved version in main:

The test creates one-app-spaces in a single org and scales this setup.

v0.13.0

Report Entries >>
List Apps - /home/ccloud/workspace/korifi/tests/perf/apps_test.go:21 @ 01/10/25 16:16:55.427
  List Apps
  Name                               | N  | Min      | Median   | Mean     | StdDev | Max
  ============================================================================================
  list apps (   1 spaces) [duration] | 10 | 26.2ms   | 27.5ms   | 28.7ms   | 3.4ms  | 38.4ms
  --------------------------------------------------------------------------------------------
  list apps (  10 spaces) [duration] | 10 | 40.8ms   | 80.8ms   | 74ms     | 26.9ms | 101.3ms
  --------------------------------------------------------------------------------------------
  list apps ( 100 spaces) [duration] | 10 | 4.0919s  | 4.0939s  | 4.0963s  | 4.7ms  | 4.1083s
  --------------------------------------------------------------------------------------------
  list apps (1000 spaces) [duration] | 10 | 54.2042s | 54.2112s | 54.2379s | 54.9ms | 54.3877s
<< Report Entries

main

Report Entries >>
List Apps - /home/ccloud/workspace/korifi/tests/perf/apps_test.go:21 @ 01/11/25 08:02:01.4
  List Apps
  Name                               | N  | Min     | Median  | Mean    | StdDev | Max
  ========================================================================================
  list apps (   1 spaces) [duration] | 10 | 31ms    | 34.9ms  | 34.5ms  | 2.2ms  | 38.8ms
  ----------------------------------------------------------------------------------------
  list apps (  10 spaces) [duration] | 10 | 36.9ms  | 39.8ms  | 39.9ms  | 2.3ms  | 43.2ms
  ----------------------------------------------------------------------------------------
  list apps ( 100 spaces) [duration] | 10 | 66.9ms  | 74.2ms  | 81.4ms  | 13ms   | 99.8ms
  ----------------------------------------------------------------------------------------
  list apps (1000 spaces) [duration] | 10 | 456.5ms | 489.3ms | 537.5ms | 96.1ms | 769.2ms
<< Report Entries

@github-project-automation github-project-automation bot moved this from 🔄 In progress to ✅ Done in Korifi - Backlog Jan 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@danail-branekov danail-branekov

@georgethebeatle georgethebeatle

Labels
chore
Projects
Korifi - Backlog
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@danail-branekov @georgethebeatle