perf(provider/kubernetes): caching agent restrictions by kind (#2697)

clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/config/KubernetesConfigurationProperties.groovy

@@ -49,6 +49,7 @@ class KubernetesConfigurationProperties {
     String namingStrategy = "kubernetesAnnotations"
     Boolean debug = false
     List<CustomKubernetesResource> customResources;
+    List<KubernetesCachingPolicy> cachingPolicies;
     List<String> kinds
     List<String> omitKinds
   }
@@ -69,3 +70,9 @@ class CustomKubernetesResource {
   String deployPriority = "100"
   boolean versioned = false
 }
+
+@ToString(includeNames = true)
+class KubernetesCachingPolicy {
+  String kubernetesKind
+  int maxEntriesPerAgent
+}

clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentials.java

@@ -19,6 +19,7 @@
 import com.netflix.spectator.api.Registry;
 import com.netflix.spinnaker.clouddriver.kubernetes.KubernetesCloudProvider;
 import com.netflix.spinnaker.clouddriver.kubernetes.config.CustomKubernetesResource;
+import com.netflix.spinnaker.clouddriver.kubernetes.config.KubernetesCachingPolicy;
 import com.netflix.spinnaker.clouddriver.kubernetes.config.LinkedDockerRegistryConfiguration;
 import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials;
 import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesManifest;
@@ -200,6 +201,7 @@ static class Builder<C extends KubernetesCredentials> {
     KubectlJobExecutor jobExecutor;
     Namer namer;
     List<CustomKubernetesResource> customResources;
+    List<KubernetesCachingPolicy> cachingPolicies;
     List<String> kinds;
     List<String> omitKinds;
     boolean debug;
@@ -347,6 +349,11 @@ Builder namer(Namer namer) {
       return this;
     }
 
+    Builder cachingPolicies(List<KubernetesCachingPolicy> cachingPolicies) {
+      this.cachingPolicies = cachingPolicies;
+      return this;
+    }
+
     Builder customResources(List<CustomKubernetesResource> customResources) {
       this.customResources = customResources;
       return this;
@@ -398,6 +405,7 @@ private C buildCredentials() {
               .omitNamespaces(omitNamespaces)
               .registry(spectatorRegistry)
               .customResources(customResources)
+              .cachingPolicies(cachingPolicies)
               .kinds(kinds)
               .omitKinds(omitKinds)
               .debug(debug)

clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentialsInitializer.groovy

@@ -103,6 +103,7 @@ class KubernetesNamedAccountCredentialsInitializer implements CredentialsInitial
           .jobExecutor(jobExecutor)
           .namer(namerRegistry.getNamingStrategy(managedAccount.namingStrategy))
           .customResources(managedAccount.customResources)
+          .cachingPolicies(managedAccount.cachingPolicies)
           .kinds(managedAccount.kinds)
           .omitKinds(managedAccount.omitKinds)
           .debug(managedAccount.debug)

clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/caching/agent/KubernetesV2CachingAgent.java

@@ -25,6 +25,7 @@
 import com.netflix.spinnaker.cats.provider.ProviderCache;
 import com.netflix.spinnaker.clouddriver.kubernetes.KubernetesCloudProvider;
 import com.netflix.spinnaker.clouddriver.kubernetes.caching.KubernetesCachingAgent;
+import com.netflix.spinnaker.clouddriver.kubernetes.config.KubernetesCachingPolicy;
 import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials;
 import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesResourcePropertyRegistry;
 import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.RegistryUtils;
@@ -73,7 +74,7 @@ protected List<KubernetesKind> primaryKinds() {
   }
 
   protected Map<KubernetesKind, List<KubernetesManifest>> loadPrimaryResourceList() {
-    return namespaces.stream()
+    Map<KubernetesKind, List<KubernetesManifest>> result = namespaces.stream()
         .map(n -> {
           try {
             return credentials.list(primaryKinds(), n);
@@ -85,6 +86,26 @@ protected Map<KubernetesKind, List<KubernetesManifest>> loadPrimaryResourceList(
         .filter(Objects::nonNull)
         .flatMap(Collection::stream)
         .collect(Collectors.groupingBy(KubernetesManifest::getKind));
+
+    for (KubernetesCachingPolicy policy : credentials.getCachingPolicies()) {
+      KubernetesKind policyKind = KubernetesKind.fromString(policy.getKubernetesKind());
+      if (!result.containsKey(policyKind)) {
+        continue;
+      }
+
+      List<KubernetesManifest> entries = result.get(policyKind);
+      if (entries == null) {
+        continue;
+      }
+
+      if (entries.size() > policy.getMaxEntriesPerAgent()) {
+        log.warn("{}: Pruning {} entries from kind {}", getAgentType(), entries.size() - policy.getMaxEntriesPerAgent(), policyKind);
+        entries = entries.subList(0, policy.getMaxEntriesPerAgent());
+        result.put(policyKind, entries);
+      }
+    }
+
+    return result;
   }
 
   protected KubernetesManifest loadPrimaryResource(KubernetesKind kind, String namespace, String name) {

clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/description/manifest/KubernetesKind.java

@@ -20,6 +20,7 @@
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonValue;
 import lombok.Getter;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 
 import java.util.ArrayList;
@@ -28,6 +29,7 @@
 import java.util.Optional;
 import java.util.stream.Collectors;
 
+@Slf4j
 public class KubernetesKind {
   public static KubernetesKind CLUSTER_ROLE = new KubernetesKind("clusterRole", false);
   public static KubernetesKind CLUSTER_ROLE_BINDING = new KubernetesKind("clusterRoleBinding", false);
@@ -139,6 +141,7 @@ public static KubernetesKind fromString(String name, boolean registered, boolean
 
       // separate from the above chain to avoid concurrent modification of the values list
       return kindOptional.orElseGet(() -> {
+        log.info("Dynamically registering {}", name);
         KubernetesKind result = new KubernetesKind(name);
         result.isDynamic = true;
         result.isRegistered = registered;

clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/security/KubernetesV2Credentials.java

@@ -22,6 +22,7 @@
 import com.netflix.spectator.api.Clock;
 import com.netflix.spectator.api.Registry;
 import com.netflix.spinnaker.clouddriver.kubernetes.config.CustomKubernetesResource;
+import com.netflix.spinnaker.clouddriver.kubernetes.config.KubernetesCachingPolicy;
 import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesCredentials;
 import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesPatchOptions;
 import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesKind;
@@ -62,6 +63,7 @@ public class KubernetesV2Credentials implements KubernetesCredentials {
   private final List<KubernetesKind> kinds;
   private final List<KubernetesKind> omitKinds;
   @Getter private final boolean serviceAccount;
+  @Getter private final List<KubernetesCachingPolicy> cachingPolicies;
 
   // TODO(lwander) make configurable
   private final static int namespaceExpirySeconds = 30;
@@ -154,6 +156,7 @@ public static class Builder {
     Registry registry;
     KubectlJobExecutor jobExecutor;
     List<CustomKubernetesResource> customResources;
+    List<KubernetesCachingPolicy> cachingPolicies;
     List<String> kinds;
     List<String> omitKinds;
     boolean debug;
@@ -204,6 +207,11 @@ public Builder jobExecutor(KubectlJobExecutor jobExecutor) {
       return this;
     }
 
+    public Builder cachingPolicies(List<KubernetesCachingPolicy> cachingPolicies) {
+      this.cachingPolicies = cachingPolicies;
+      return this;
+    }
+
     public Builder customResources(List<CustomKubernetesResource> customResources) {
       this.customResources = customResources;
       return this;
@@ -245,6 +253,7 @@ public KubernetesV2Credentials build() {
       customResources = customResources == null ? new ArrayList<>() : customResources;
       kinds = kinds == null ? new ArrayList<>() : kinds;
       omitKinds = omitKinds == null ? new ArrayList<>() : omitKinds;
+      cachingPolicies = cachingPolicies == null ? new ArrayList<>() : cachingPolicies;
 
       return new KubernetesV2Credentials(
           accountName,
@@ -259,6 +268,7 @@ public KubernetesV2Credentials build() {
           oAuthScopes,
           serviceAccount,
           customResources,
+          cachingPolicies,
           KubernetesKind.registeredStringList(kinds),
           KubernetesKind.registeredStringList(omitKinds),
           debug
@@ -278,6 +288,7 @@ private KubernetesV2Credentials(@NotNull String accountName,
       List<String> oAuthScopes,
       boolean serviceAccount,
       @NotNull List<CustomKubernetesResource> customResources,
+      @NotNull List<KubernetesCachingPolicy> cachingPolicies,
       @NotNull List<KubernetesKind> kinds,
       @NotNull List<KubernetesKind> omitKinds,
       boolean debug) {
@@ -295,6 +306,7 @@ private KubernetesV2Credentials(@NotNull String accountName,
     this.oAuthScopes = oAuthScopes;
     this.serviceAccount = serviceAccount;
     this.customResources = customResources;
+    this.cachingPolicies = cachingPolicies;
     this.kinds = kinds;
     this.omitKinds = omitKinds;