Limit objects cached by DevWorkspace controller to reduce memory usage #652
Commits on Oct 20, 2021
-
Restrict which k8s objects are cached in runtime
Modify cache used in controller in order to restrict cache to items with the devworkspace_id label. This has the downside of making all objects _without_ that label invisible to the controller, but has the benefit of reduced memory usage on large clusters. Signed-off-by: Angel Misevski <amisevsk@redhat.com>
-
Restrict secrets and configmaps in the cache via new labels
Add labels - controller.devfile.io/watch-configmap - controller.devfile.io/watch-secret which must be set to "true" in order for the DevWorkspace Operator to see the corresponding secret/configmap. This is required (compare to the previous commit) because the controller is not only interested in secrets and configmaps it creates, but also any configmap/secret on the cluster with e.g. the automount label attached. Since each type in the controller gets a single informer, we can only specify a single label selector for the objects we are interested in. This means we cannot have e.g. "has devworkspace_id label OR has mount-to-devworkspace label". Signed-off-by: Angel Misevski <amisevsk@redhat.com>
-
Update how workspace metadata configmap is handled
Restricting the cache to only configmaps with the new label results in existing workspaces failing to reconcile. This occurs because attempting to Get() the configmap from the cluster returns a IsNotFound error, whereas attempting to Create() the configmap returns an AlreadyExists error (Create interacts with the cluster, Get interacts with the cache). To avoid this, if we encounter an AlreadyExists error when attempting to create an object, we optimistically try to update the object (thus adding the required label). This resolves the issue above, as if the obejct is updated, the subsequent Get() call will return the object as expected. Signed-off-by: Angel Misevski <amisevsk@redhat.com>
-
Collect sync code into one interface to simplify syncing with cluster
Restricting the controller-runtime cache to specific objects means that once-tracked objects can disappear from the controller's knowledge if the required label is removed. To work around this, it is necessary to update how we sync objects to specifically handle the case where: * client.Get(object) returns IsNotFound * client.Create(object) returns AlreadyExists This occurs because we can't read objects that aren't in the cache, but attempting to create objects collides with the actual object on the cluster. Since the basic flow of Get -> Create/Update is repeated for each type we handle, this commit collects that repeated logic into one package (pkg/provision/sync), allowing object handling to be done in one place. Signed-off-by: Angel Misevski <amisevsk@redhat.com>
-
Adapt more packages to use sync package for managing objects
Adapt the metadata and storage cleanup tasks to use the new sync flow Signed-off-by: Angel Misevski <amisevsk@redhat.com>
Commits on Oct 21, 2021
-
Update devworkspaceRouting controller to use sync package for objects
Update sync methods in devworkspaceRouting controller to use updated sync package where appropriate. Note deleting out-of-date network objects must still be done in the controller, as it's not possible to iterate through a generic list of client.Objects. Signed-off-by: Angel Misevski <amisevsk@redhat.com>
-
Add documentation and logging to pkg/provision/sync package
Signed-off-by: Angel Misevski <amisevsk@redhat.com>
-
Fix cache initialization on Kubernetes
On Kubernetes, we can't restrict the cache for Routes since they are not a part of the included scheme. As a result we have to work around adding Routes to the cache only on OpenShift. Signed-off-by: Angel Misevski <amisevsk@redhat.com>
-
Use sync package for async storage deployment
Signed-off-by: Angel Misevski <amisevsk@redhat.com>
-
Rework automount package to use ClusterAPI instead of client
Pass around the full clusterAPI struct to methods in automount package, to allow for shared Context/Logging. Signed-off-by: Angel Misevski <amisevsk@redhat.com>
-
Adapt automount git credentials to use new sync mechanism
Signed-off-by: Angel Misevski <amisevsk@redhat.com>
-
Treat updating services specially since we have to copy ClusterIP
For most objects, we can client.Update() using the spec object without issue. However, for Services, updates are rejected if they try to unset spec.ClusterIP. This means we need to copy the ClusterIP from the cluster service before updating. This commit adds an extensible mechanism for specifying type-specific update functions that are called whenever we attempt to update a cluster object. Signed-off-by: Angel Misevski <amisevsk@redhat.com>
-
Improve diff logging when updating items
Use diffOpts when printing spec vs cluster object diffs when updates are required. Signed-off-by: Angel Misevski <amisevsk@redhat.com>
-
Restrict caches for Roles and Rolebindings by name
Signed-off-by: Angel Misevski <amisevsk@redhat.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.