From f84afcb9d3d4028d6beb29a5ede8651a05991f6f Mon Sep 17 00:00:00 2001 From: Mac Chaffee Date: Thu, 12 Jan 2023 13:23:29 -0500 Subject: [PATCH] Disable caching of secrets and configmaps You can re-enable caching by starting the controller with the argument '--feature-gates=CacheSecretsAndConfigMaps=true' Signed-off-by: Mac Chaffee --- README.md | 4 +++- internal/features/features.go | 10 +++++++++- main.go | 13 +++++++++++++ 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8768c4b92..f1fec2cb0 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ [![report](https://goreportcard.com/badge/github.com/fluxcd/source-controller)](https://goreportcard.com/report/github.com/fluxcd/source-controller) [![license](https://img.shields.io/github/license/fluxcd/source-controller.svg)](https://github.com/fluxcd/source-controller/blob/main/LICENSE) [![release](https://img.shields.io/github/release/fluxcd/source-controller/all.svg)](https://github.com/fluxcd/source-controller/releases) - + The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, Helm repositories and S3 buckets. The source-controller implements the @@ -25,3 +25,5 @@ Features: * makes the artifacts available in-cluster to interested 3rd parties * notifies interested 3rd parties of source changes and availability (status conditions, events, hooks) * reacts to Git push and Helm chart upload events (via [notification-controller](https://github.com/fluxcd/notification-controller)) + +See [the docs folder](docs/spec/README.md) for more information. diff --git a/internal/features/features.go b/internal/features/features.go index 880265cff..044b54c17 100644 --- a/internal/features/features.go +++ b/internal/features/features.go 
@@ -29,15 +29,23 @@ const (
 // the last revision is still the same at the target repository,
 // and if that is so, skips the reconciliation.
 OptimizedGitClones = "OptimizedGitClones"
+ // CacheSecretsAndConfigMaps controls whether secrets and configmaps should be cached.
+ //
+ // When enabled, it will cache both object types, resulting in increased memory usage
+ // and cluster-wide RBAC permissions (list and watch).
+ CacheSecretsAndConfigMaps = "CacheSecretsAndConfigMaps"
 )

 var features = map[string]bool{
 // OptimizedGitClones
 // opt-out from v0.25
 OptimizedGitClones: true,
+ // CacheSecretsAndConfigMaps
+ // opt-in from v0.34
+ CacheSecretsAndConfigMaps: false,
 }

-// DefaultFeatureGates contains a list of all supported feature gates and
+// FeatureGates contains a list of all supported feature gates and
 // their default values.
 func FeatureGates() map[string]bool {
 return features
diff --git a/main.go b/main.go
index fcb58504c..088f00b4f 100644
--- a/main.go
+++ b/main.go
@@ -27,11 +27,13 @@ import (
 "github.com/go-logr/logr"
 flag "github.com/spf13/pflag"
 "helm.sh/helm/v3/pkg/getter"
+ corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/runtime"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 _ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
 ctrl "sigs.k8s.io/controller-runtime"
+ ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"

 "github.com/fluxcd/pkg/git"
 "github.com/fluxcd/pkg/runtime/client"
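Review bot: In internal/features/features.go, the doc comment on `CacheSecretsAndConfigMaps` names the RBAC cost of enabling the gate but does not say what the disabled default lets an operator drop. The diffstat lists only README.md, features.go and main.go, so the controller's RBAC manifests are not touched by this commit; if the ClusterRole still grants cluster-wide list and watch on Secrets, the least-privilege benefit is not realised until that role is narrowed separately. I would add a line such as `// When disabled (the default), Secrets and ConfigMaps are read from the API server on each use and are not held in the client cache.` and name the verbs that are then sufficient, presumably `get`, to be confirmed against the reconcilers. The const block starts outside this hunk.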
@@ -167,6 +169,16 @@ func main() {
 watchNamespace = os.Getenv("RUNTIME_NAMESPACE")
 }

+ disableCacheFor := []ctrlclient.Object{}
+ shouldCache, err := features.Enabled(features.CacheSecretsAndConfigMaps)
+ if err != nil {
+ setupLog.Error(err, "unable to check feature gate "+features.CacheSecretsAndConfigMaps)
+ os.Exit(1)
+ }
+ if !shouldCache {
+ disableCacheFor = append(disableCacheFor, &corev1.Secret{}, &corev1.ConfigMap{})
+ }
+
 restConfig := client.GetConfigOrDie(clientOptions)
 mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
 Scheme: scheme,
@@ -181,6 +193,7 @@ func main() {
 LeaderElectionID: fmt.Sprintf("%s-leader-election", controllerName),
 Namespace: watchNamespace,
 Logger: ctrl.Log,
+ ClientDisableCacheFor: disableCacheFor,
 })
 if err != nil {
 setupLog.Error(err, "unable to start manager")
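Review bot: The failure log in the first main.go hunk builds its message by concatenation, `"unable to check feature gate "+features.CacheSecretsAndConfigMaps`; with a structured logger the gate name belongs in a key/value pair, `setupLog.Error(err, "unable to check feature gate", "gate", features.CacheSecretsAndConfigMaps)`. `disableCacheFor` is only ever appended to, so it could be declared as `var disableCacheFor []ctrlclient.Object`, assuming the manager treats a nil and an empty slice alike. The block also has no comment; one line such as `// Secrets and ConfigMaps bypass the client cache unless CacheSecretsAndConfigMaps is enabled.` would record that the uncached path is the intended default. main's body starts and ends outside the hunk.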