fluxcd
/
source-controller
mirror of https://github.com/fluxcd/source-controller.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #989 from mac-chaffee/no-cache-secrets 

Disable caching of secrets and configmaps
This commit is contained in:
Hidde Beydals 2023-01-27 11:50:16 +00:00 committed by GitHub
parent 9dc4271d30 f84afcb9d3
commit 5984c8182d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -5,7 +5,7 @@
[![report](https://goreportcard.com/badge/github.com/fluxcd/source-controller)](https://goreportcard.com/report/github.com/fluxcd/source-controller)
[![license](https://img.shields.io/github/license/fluxcd/source-controller.svg)](https://github.com/fluxcd/source-controller/blob/main/LICENSE)
[![release](https://img.shields.io/github/release/fluxcd/source-controller/all.svg)](https://github.com/fluxcd/source-controller/releases)
The source-controller is a Kubernetes operator, specialised in artifacts acquisition
from external sources such as Git, Helm repositories and S3 buckets.
The source-controller implements the
@ -25,3 +25,5 @@ Features:
* makes the artifacts available in-cluster to interested 3rd parties
* notifies interested 3rd parties of source changes and availability (status conditions, events, hooks)
* reacts to Git push and Helm chart upload events (via [notification-controller](https://github.com/fluxcd/notification-controller))
See [the docs folder](docs/spec/README.md) for more information.

10
internal/features/features.go
View File

@ -29,15 +29,23 @@ const (
// the last revision is still the same at the target repository,
// and if that is so, skips the reconciliation.
OptimizedGitClones = "OptimizedGitClones"
// CacheSecretsAndConfigMaps controls whether secrets and configmaps should be cached.
//
// When enabled, it will cache both object types, resulting in increased memory usage
// and cluster-wide RBAC permissions (list and watch).
CacheSecretsAndConfigMaps = "CacheSecretsAndConfigMaps"
)
var features = map[string]bool{
// OptimizedGitClones
// opt-out from v0.25
OptimizedGitClones: true,
// CacheSecretsAndConfigMaps
// opt-in from v0.34
CacheSecretsAndConfigMaps: false,
}
// DefaultFeatureGates contains a list of all supported feature gates and
// FeatureGates contains a list of all supported feature gates and
// their default values.
func FeatureGates() map[string]bool {
return features

13
main.go
View File

@ -27,11 +27,13 @@ import (
"github.com/go-logr/logr"
flag "github.com/spf13/pflag"
"helm.sh/helm/v3/pkg/getter"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
ctrl "sigs.k8s.io/controller-runtime"
ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
"github.com/fluxcd/pkg/git"
"github.com/fluxcd/pkg/runtime/client"
@ -167,6 +169,16 @@ func main() {
watchNamespace = os.Getenv("RUNTIME_NAMESPACE")
}
disableCacheFor := []ctrlclient.Object{}
shouldCache, err := features.Enabled(features.CacheSecretsAndConfigMaps)
if err != nil {
setupLog.Error(err, "unable to check feature gate "+features.CacheSecretsAndConfigMaps)
os.Exit(1)
}
if !shouldCache {
disableCacheFor = append(disableCacheFor, &corev1.Secret{}, &corev1.ConfigMap{})
}
restConfig := client.GetConfigOrDie(clientOptions)
mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
Scheme: scheme,
@ -181,6 +193,7 @@ func main() {
LeaderElectionID: fmt.Sprintf("%s-leader-election", controllerName),
Namespace: watchNamespace,
Logger: ctrl.Log,
ClientDisableCacheFor: disableCacheFor,
})
if err != nil {
setupLog.Error(err, "unable to start manager")