-
Notifications
You must be signed in to change notification settings - Fork 743
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Scope secrets cache to single namespace #972
Conversation
Incorporate open-policy-agent/cert-controller#16 to avoid caching cluster-wide secrets in certificate rotation controller. This will reduce the memory consumption of Gatekeeper on clusters with a large number of secrets defined. Fixes: open-policy-agent#831 Signed-off-by: Oren Shomron <shomron@gmail.com>
Codecov Report
@@ Coverage Diff @@
## master #972 +/- ##
==========================================
+ Coverage 46.38% 46.64% +0.26%
==========================================
Files 56 56
Lines 3454 3454
==========================================
+ Hits 1602 1611 +9
+ Misses 1645 1640 -5
+ Partials 207 203 -4
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Incorporate open-policy-agent/cert-controller#16 to avoid caching cluster-wide secrets in certificate rotation controller. This will reduce the memory consumption of Gatekeeper on clusters with a large number of secrets defined. Fixes: open-policy-agent#831 Signed-off-by: Oren Shomron <shomron@gmail.com> Co-authored-by: Max Smythe <smythe@google.com>
Incorporate open-policy-agent/cert-controller#16 to avoid caching cluster-wide secrets in certificate rotation controller. This will reduce the memory consumption of Gatekeeper on clusters with a large number of secrets defined. Fixes: open-policy-agent#831 Signed-off-by: Oren Shomron <shomron@gmail.com> Co-authored-by: Max Smythe <smythe@google.com>
#982) * Allow multiple webhooks to be created (#882) The PR prepares gatekeeper to be able to create multiple webhooks. Common webhook code was extracted to a separate file, and an update to cert rotator is used that allows to update multiple webhooks. Tested: Gatekeeper with the changes was run. An incoming resource was successfuly denied request due to gatekeeper policy. Signed-off-by: mmirecki <mmirecki@redhat.com> Signed-off-by: Oren Shomron <shomron@gmail.com> Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com> * Scope secrets cache to single namespace (#972) Incorporate open-policy-agent/cert-controller#16 to avoid caching cluster-wide secrets in certificate rotation controller. This will reduce the memory consumption of Gatekeeper on clusters with a large number of secrets defined. Fixes: #831 Signed-off-by: Oren Shomron <shomron@gmail.com> Co-authored-by: Max Smythe <smythe@google.com> * Fix e2e test flakiness (#964) * Fix e2e test flakiness Signed-off-by: Max Smythe <smythe@google.com> Signed-off-by: Oren Shomron <shomron@gmail.com> Co-authored-by: Marcin Mirecki <mmirecki@redhat.com> Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com> Co-authored-by: Max Smythe <smythe@google.com>
Incorporate open-policy-agent/cert-controller#16 to avoid caching
cluster-wide secrets in certificate rotation controller. This will
reduce the memory consumption of Gatekeeper on clusters with a large
number of secrets defined.
Fixes #831
Signed-off-by: Oren Shomron shomron@gmail.com
Special notes for your reviewer:
Tests for this change can be found in the cert-controller repo. However, we should probably expand the tests we have to verify main.go stitches everything together properly.