This release focuses on enhancing performance when multiple sources are specified under `ClusterAdmissionPolicy.spec.sources`. Previously, these sources were retrieved from Kubernetes with each admission request, which impacted performance on large and complex clusters.
To address this, we've introduced the SourcesController. This controller watches and accumulates user-requested sources in the background, maintaining them as a pool of resources. Other controllers can now use this as a single source of truth, improving performance by reducing the number of requests made to Kubernetes.
Changes:
- Created SourcesController: Maintains watchers for each requested source type, defined as `{group}/{version}/{resource}/{namespace}/{name}`.
- Modified ClusterAdmissionPolicy Controller: Now calls `sources.SyncWatchers` at the end of each reconcile cycle.
- Updated AdmissionController: Adjusted to retrieve sources from the SourcesController.
- Changed Operator Entry Point: Updated to launch the SourcesController on startup.
- Added Configurable Options: Introduced flags for configuring the SourcesController's options.
- Updated Documentation: Added information about the new flags in the README.
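
The pattern in the list above, as an added sketch that is not the project's code: a pool keyed by `{group}/{version}/{resource}/{namespace}/{name}` is reconciled when policies change and read from memory on each admission request. `Pool`, `NewPool`, `Get`, the `list` callback and the sample keys are assumptions, and the `SyncWatchers` signature here is not the operator's.

```go
package main

import (
	"fmt"
	"sync"
)

// Pool is a hypothetical stand-in for the SourcesController's resource pool.
type Pool struct {
	mu   sync.RWMutex
	list func(key string) []string // one API round trip, made when a watcher starts
	objs map[string][]string       // source key -> cached objects
}

func NewPool(list func(string) []string) *Pool { return &Pool{list: list, objs: map[string][]string{}} }

// SyncWatchers starts watchers for newly requested keys and evicts the rest.
func (p *Pool) SyncWatchers(desired []string) {
	want := map[string]bool{}
	for _, k := range desired {
		want[k] = true
	}
	p.mu.Lock()
	defer p.mu.Unlock()
	for k := range p.objs {
		if !want[k] {
			delete(p.objs, k) // watcher stopped, stale data dropped with it
		}
	}
	for k := range want {
		if _, ok := p.objs[k]; !ok {
			p.objs[k] = p.list(k) // initial list; watch events would refresh it
		}
	}
}

// Get serves the admission path from memory; ok is false for unwatched keys.
func (p *Pool) Get(key string) ([]string, bool) {
	p.mu.RLock()
	defer p.mu.RUnlock()
	objs, ok := p.objs[key]
	return objs, ok
}

func main() {
	p := NewPool(func(k string) []string { return []string{k + "#constructed"} })
	p.SyncWatchers([]string{"apps/v1/deployments/default/web"})
	fmt.Println(p.Get("apps/v1/deployments/default/web"))
}
```

When `Get` reports a key as unwatched, the caller has to decide whether the admission request is allowed or denied.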
Out-of-scope:
- Added Proper License Headers: Ensured all code files have the correct license headers.
- Decoupled ValidatingWebhookConfiguration Creation: Separated the creation of the `ValidatingWebhookConfiguration` object from the `SyncAdmissionPool()` logic.
- Renamed XYZ Controller: Changed the name of the XYZ controller to `AdmissionController` for clarity.
This release is dedicated to @jaimeph who is always taking care of potential performance issues ❤️
Contributors:
@achetronic