reconcile, Filter daemon-sets and deployments to controlled namespace #978
Conversation
In order to save compute/network resources, filter the watch CNAO does on the deployments and daemonset to watch only CNAO operator namespace. Signed-off-by: Or Shoval <oshoval@redhat.com>
kubevirt-bot
added
release-note-none
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Kudos, SonarCloud Quality Gate passed!
|
| @@ -131,7 +131,7 @@ func add(mgr manager.Manager, r *ReconcileNetworkAddonsConfig) error { | |||
| // Create custom predicate for NetworkAddonsConfig watcher. This makes sure that Status field | |||
| // updates will not trigger reconciling of the object. Reconciliation is trigger only if | |||
| // Spec fields differ. | |||
| pred := predicate.Funcs{ | |||
| crPred := predicate.Funcs{ | |||
There was a problem hiding this comment.
Predicates are filtering on the client level, we are still getting all the Pods streamed from the API server.
We should either register the cache to only watch a specific namespace using https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/manager/manager.go#L188. But with this I'm not sure whether we can limit only part of the operator.
If the option above is not possible, we may want to use new Quique's option to filter on cache: kubernetes-sigs/controller-runtime#1435
There was a problem hiding this comment.
Tried the first option #981
the only tests that are failing are the ones that deploy nmstate on different namespace (nmstate ns) because it can't find them,
its a no go then ?
or its safe to require that no other component is installed ?
https://prow.ci.kubevirt.io/view/gs/kubevirt-prow/pr-logs/pull/kubevirt_cluster-network-addons-operator/981/pull-e2e-cluster-network-addons-operator-workflow-k8s/1429820891172179968
there is also this failure but i don't think its related
https://prow.ci.kubevirt.io/view/gs/kubevirt-prow/pr-logs/pull/kubevirt_cluster-network-addons-operator/981/pull-e2e-cluster-network-addons-operator-nmstate-functests/1429820891654524928
maybe we can change the namespace of the external nmstate to be in the real namespace ? or its not good
if we don't want this approach we need to bump controller-runtime and check the 2nd approach,
there as well we would need to filter according all the app labels of the components that we want to watch, because we can't predict the namespaces where it will be deployed
|
closing as this is client side, and we want server side filtering of just cnao components, even on external namespaces (using labels most likley with Quique method, but didn't try yet) first controller runtime is needed see #978 (comment) |
In order to save compute/network resources, filter the watch
CNAO does on the deployments and daemonset to watch only
CNAO operator namespace.
Signed-off-by: Or Shoval oshoval@redhat.com