Cache only required secrets#903
Conversation
metal3-io-bot
added
do-not-merge/work-in-progress
|
/hold requires |
metal3-io-bot
added
the
do-not-merge/hold
andfasano
force-pushed
the
dont-cache-secrets
branch
2 times, most recently
from
8525aca to
ce32a2c
Compare
metal3-io-bot
added
size/XXL
andfasano
force-pushed
the
dont-cache-secrets
branch
from
90dd1a4 to
7cf62f1
Compare
andfasano
changed the title
metal3-io-bot
removed
the
do-not-merge/work-in-progress
andfasano
force-pushed
the
dont-cache-secrets
branch
from
7cf62f1 to
ec6e1a1
Compare
|
/hold cancel controller-runtime 0.9.0 has been released |
metal3-io-bot
removed
the
do-not-merge/hold
andfasano
force-pushed
the
dont-cache-secrets
branch
from
ec6e1a1 to
fa83ffb
Compare
|
/test-integration |
1 similar comment
|
/test-integration |
|
/hold investigating test-integration failure |
metal3-io-bot
added
the
do-not-merge/hold
|
/hold cancel |
metal3-io-bot
removed
the
do-not-merge/hold
andfasano
force-pushed
the
dont-cache-secrets
branch
from
2e407ef to
a74ac8d
Compare
|
/test-integration |
|
@andfasano: you cannot LGTM your own PR. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test-integration |
andfasano
force-pushed
the
dont-cache-secrets
branch
4 times, most recently
from
c31aaa8 to
f145820
Compare
|
/test-integration |
furkatgofurov7
left a comment
furkatgofurov7
left a comment
There was a problem hiding this comment.
There are conflicting changes with this and #917 in terms of go modules
Yes that is what I meant actually, that both are doing the same changes in case if you were not aware of the other work. |
zaneb
left a comment
zaneb
left a comment
There was a problem hiding this comment.
This looks basically good to me
andfasano
force-pushed
the
dont-cache-secrets
branch
from
f145820 to
89aac5d
Compare
|
/test-integration |
1 similar comment
|
/test-integration |
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hardys The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
metal3-io-bot
added
the
approved
Fixed manifests change (linebreaks) Fixed broken test due changes in handling finalizers in the fake client
The internal cache now filters out secrets without the label "metal3.io.environment":"baremetal". The controller takes care of applying such label to the owned secrets only
andfasano
force-pushed
the
dont-cache-secrets
branch
from
89aac5d to
9d02680
Compare
andfasano
force-pushed
the
dont-cache-secrets
branch
from
9d02680 to
931a00a
Compare
|
Rebase was required due the CRD changes introduced in #884 |
|
/test-integration |
| description: Custom deploy method name. This name is specific to the deploy ramdisk used. If you don't have a custom deploy ramdisk, you shouldn't use CustomDeploy. | ||
| description: Custom deploy method name. This name is specific | ||
| to the deploy ramdisk used. If you don't have a custom deploy | ||
| ramdisk, you shouldn't use CustomDeploy. |
There was a problem hiding this comment.
These changes should really be in the first commit.
5 participants
This PR limits the BMO secrets caching just to those ones really required, by filtering secrets watch request through a new label selector.
This will fix the problem of the very high memory usage detected when BMO is configured to watch the entire cluster (
WATCH_NAMESPACE=""), and moreover will keep in cache just the BMH related secrets.Fixes #904