Scope secrets cache to single namespace #972
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Incorporate open-policy-agent/cert-controller#16 to avoid caching cluster-wide secrets in certificate rotation controller. This will reduce the memory consumption of Gatekeeper on clusters with a large number of secrets defined. Fixes: open-policy-agent#831 Signed-off-by: Oren Shomron <shomron@gmail.com>
Codecov Report
@@ Coverage Diff @@
## master #972 +/- ##
==========================================
+ Coverage 46.38% 46.64% +0.26%
==========================================
Files 56 56
Lines 3454 3454
==========================================
+ Hits 1602 1611 +9
+ Misses 1645 1640 -5
+ Partials 207 203 -4
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
sozercan
approved these changes
Nov 19, 2020
shomron
added a commit
to shomron/gatekeeper
that referenced
this pull request
Nov 25, 2020
Incorporate open-policy-agent/cert-controller#16 to avoid caching cluster-wide secrets in certificate rotation controller. This will reduce the memory consumption of Gatekeeper on clusters with a large number of secrets defined. Fixes: open-policy-agent#831 Signed-off-by: Oren Shomron <shomron@gmail.com> Co-authored-by: Max Smythe <smythe@google.com>
shomron
added a commit
to shomron/gatekeeper
that referenced
this pull request
Nov 25, 2020
Incorporate open-policy-agent/cert-controller#16 to avoid caching cluster-wide secrets in certificate rotation controller. This will reduce the memory consumption of Gatekeeper on clusters with a large number of secrets defined. Fixes: open-policy-agent#831 Signed-off-by: Oren Shomron <shomron@gmail.com> Co-authored-by: Max Smythe <smythe@google.com>
shomron
added a commit
that referenced
this pull request
Dec 1, 2020
#982) * Allow multiple webhooks to be created (#882) The PR prepares gatekeeper to be able to create multiple webhooks. Common webhook code was extracted to a separate file, and an update to cert rotator is used that allows to update multiple webhooks. Tested: Gatekeeper with the changes was run. An incoming resource was successfuly denied request due to gatekeeper policy. Signed-off-by: mmirecki <mmirecki@redhat.com> Signed-off-by: Oren Shomron <shomron@gmail.com> Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com> * Scope secrets cache to single namespace (#972) Incorporate open-policy-agent/cert-controller#16 to avoid caching cluster-wide secrets in certificate rotation controller. This will reduce the memory consumption of Gatekeeper on clusters with a large number of secrets defined. Fixes: #831 Signed-off-by: Oren Shomron <shomron@gmail.com> Co-authored-by: Max Smythe <smythe@google.com> * Fix e2e test flakiness (#964) * Fix e2e test flakiness Signed-off-by: Max Smythe <smythe@google.com> Signed-off-by: Oren Shomron <shomron@gmail.com> Co-authored-by: Marcin Mirecki <mmirecki@redhat.com> Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com> Co-authored-by: Max Smythe <smythe@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Incorporate open-policy-agent/cert-controller#16 to avoid caching
cluster-wide secrets in certificate rotation controller. This will
reduce the memory consumption of Gatekeeper on clusters with a large
number of secrets defined.
Fixes #831
Signed-off-by: Oren Shomron shomron@gmail.com
Special notes for your reviewer:
Tests for this change can be found in the cert-controller repo. However, we should probably expand the tests we have to verify main.go stitches everything together properly.