Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubernetes service changes should be processed in a queue in the order in which they came in #363

Closed
cmwylie19 opened this issue Apr 23, 2024 · 0 comments · Fixed by #362
Closed

Kubernetes service changes should be processed in a queue in the order in which they came in #363

cmwylie19 opened this issue Apr 23, 2024 · 0 comments · Fixed by #362

Comments

@cmwylie19
Copy link
Contributor

Describe what should be investigated or refactored

We are watching for changes to the Kubernetes service and Neuvector Jobs in order to update network policy. This triggers a cascade of events on each change leading to likely thrash in the kube-apiserver. If we put them into a queue then they will be processes one at a time in the order in which the event came in. Cutting down the load on the API Server.

Visual Proof
Look at the wild spikes in CPU on the watcher. Now with this ordered processing, it seems to throttle the amount used and therefore is not hitting that strange frozen state.

From 24m to 8m
image

from 32m to 15m
image

Ive seen it drop at low at 3m of CPU

Links to any relevant code

uds-core/src/pepr/operator/index.ts

Line 43 in da3eb5a

.Watch(updateAPIServerCIDRFromService);

uds-core/src/pepr/istio/index.ts

Line 22 in da3eb5a

.Watch(async pod => {

Additional context

Add any other context or screenshots about the technical debt here.
@cmwylie19 cmwylie19 mentioned this issue Apr 23, 2024
Closed
5 tasks
@mjnagel mjnagel mentioned this issue Apr 23, 2024
Merged
5 tasks
mjnagel added a commit that referenced this issue Apr 24, 2024
@mjnagel @UnicornChance
chore: move api service watch to reconcile (#362)
1822bca 
## Description

Follow up to #359 to
move the apiservice watch to a queue/reconcile.

## Related Issue

Resolves #363

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request)
followed

---------

Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
rjferguson21 pushed a commit that referenced this issue Jul 11, 2024
@mjnagel @UnicornChance
chore: move api service watch to reconcile (#362)
697d5eb 
## Description

Follow up to #359 to
move the apiservice watch to a queue/reconcile.

## Related Issue

Resolves #363

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request)
followed

---------

Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: move api service watch to reconcile defenseunicorns/uds-core
1 participant
@cmwylie19