Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 admission/webhooks: properly cache webhooks and cleanup #3164

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

🐛 admission/webhooks: properly cache webhooks and cleanup #3164

wants to merge 1 commit into from

Conversation

sttts
Copy link
Member

@sttts sttts commented Sep 17, 2024
edited
Loading

Summary

The old code only added webhook sources, but never cleaned up. This PR bump kube to get CEL optimization for webhook filters, and it properly caches the webhook per cluster and cleans up on deletion.

Related issue(s)

Fixes #

Release Notes

Fix memory leak in admission webhook caching.

@kcp-ci-bot kcp-ci-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Indicates the PR's author has signed the DCO. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API labels Sep 17, 2024
@kcp-ci-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from sttts. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kcp-ci-bot kcp-ci-bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Sep 17, 2024
@sttts sttts force-pushed the sttts-admission-webhook-cache branch from 6fd6ff4 to e092d25 Compare September 17, 2024 11:05
@kcp-ci-bot kcp-ci-bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Sep 17, 2024
mjudeikis
mjudeikis reviewed Sep 20, 2024
View reviewed changes
pkg/admission/mutatingwebhook/plugin.go
managerLock sync.Mutex
managersCache map[logicalcluster.Name]generic.Source
lock sync.RWMutex
cache map[logicalcluster.Name]map[logicalcluster.Name]clusterCache // by request and hook source cluster.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you elaborate why we need sourceCluster and cluster logicalclusters in this cache?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its Source and Target? maybe name them this way if this the case

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

because we have two informers giving us webhook configuration: locally in the workspace and from the APIExport workspace (cache server).

@sttts sttts force-pushed the sttts-admission-webhook-cache branch from e092d25 to 2893133 Compare September 20, 2024 06:58
@kcp-ci-bot kcp-ci-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Sep 20, 2024
@sttts sttts force-pushed the sttts-admission-webhook-cache branch 3 times, most recently from a279f53 to d27211a Compare September 27, 2024 11:38
@sttts sttts force-pushed the sttts-admission-webhook-cache branch from d27211a to 6493b39 Compare September 27, 2024 11:42
@sttts
Copy link
Member Author

sttts commented Sep 27, 2024

/retest

@kcp-ci-bot
Copy link
Contributor

@sttts: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-kcp-test-e2e-multiple-runs 6493b39 link true /test pull-kcp-test-e2e-multiple-runs
pull-kcp-test-e2e 6493b39 link true /test pull-kcp-test-e2e
pull-kcp-test-e2e-shared 6493b39 link true /test pull-kcp-test-e2e-shared
pull-kcp-test-e2e-sharded 6493b39 link true /test pull-kcp-test-e2e-sharded

Full PR test history

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mjudeikis mjudeikis mjudeikis left review comments

Assignees
No one assigned
Labels
dco-signoff: yes Indicates the PR's author has signed the DCO. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sttts @kcp-ci-bot @mjudeikis