Skip to content

[WIP] ESO-240: Bitwarden disable minimal cache #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
mytreya-rh wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

[WIP] ESO-240: Bitwarden disable minimal cache #93

mytreya-rh wants to merge 2 commits into from

Conversation

@mytreya-rh
Copy link
Contributor

@mytreya-rh mytreya-rh commented Dec 23, 2025

This is to supplement the study done for ESO-240 which is documented at ESO-240: Study: Cleanup of Bitwarden deployment

The operator in this draft PR also hosts a webhook which caches bitwarden secretstores.
When (and only when) Bitwarden SDK deployment disable is attempted, the webhook is triggered which prevents the operation if (and only if) there are any secretstore/clustersecretstore that refer to Bitwarden.

Code is generated from Cursor using Claude-Sonnet-4.5 and good deal of feedback prompting and reigning in.
Tested with 10,000 SecretStores with memory usage going upto 220Mi max.

@mytreya-rh
Drop1: Using an indexed cache but all the secrets store are part of it
30f2c74 
       Tested with 10,000 secretstores.
       Memory goes from 28Mi to 200Mi but stays stable there.
       No significant CPU spikes when webhook is called.
@mytreya-rh
Drop2: Store only BitWarden secretstores in cache
360c7a7
@openshift-ci-robot
Copy link

openshift-ci-robot commented Dec 23, 2025
edited by openshift-ci bot
Loading

@mytreya-rh: This pull request references ESO-240 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.22.0" version, but no target version was set.

Details

In response to this:

This is to supplement the study done for ESO-240 which is documented at ESO-240: Study: Cleanup of Bitwarden deployment

The operator in this draft PR also hosts a webhook which caches bitwarden secretstores.
When (and only when) Bitwarden SDK deployment disable is attempted, the webhook is triggered which prevents the operation if (and only if) there are any secretstore/clustersecretstore that refer to Bitwarden.

Code is generated from Cursor using Claude-Sonnet-4.5 and good deal of feedback prompting and reigning in.
Tested with 10,000 SecretStores with memory usage going upto 220Mi max.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 23, 2025
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Dec 23, 2025
@openshift-ci
Copy link

openshift-ci bot commented Dec 23, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@coderabbitai
Copy link

coderabbitai bot commented Dec 23, 2025
edited
Loading

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (1)
  • do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci
Copy link

openshift-ci bot commented Dec 23, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mytreya-rh
Once this PR has been reviewed and has the lgtm label, please assign trilokgeer for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mytreya-rh @openshift-ci-robot