Merge pull request #1664 from weaveworks/caching-users-clients

Reusing k8s clients

Author: yiannistri

CONTRIBUTING.md

@@ -637,10 +637,10 @@ rules:
     verbs: ["impersonate"]
   - apiGroups: [""]
     resources: ["namespaces"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: ["apiextensions.k8s.io"] # required for canary support
     resources: ["customresourcedefinitions"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
 ```
 
 **CAPI NAME COLLISION WARNING**

charts/cluster-controller/values.yaml

@@ -13,7 +13,7 @@ controllerManager:
   manager:
     image:
       repository: docker.io/weaveworks/cluster-controller
-      tag: v1.3.2
+      tag: v1.4.0
     resources:
       limits:
         cpu: 500m

charts/mccp/templates/clusters-service/configmap.yaml

@@ -16,6 +16,7 @@ data:
   CAPI_REPOSITORY_CLUSTERS_PATH: {{ .Values.config.capi.repositoryClustersPath | quote }}
   CAPI_TEMPLATES_REPOSITORY_API_URL: {{ .Values.config.capi.repositoryApiURL | quote }}
   CAPI_TEMPLATES_REPOSITORY_BASE_BRANCH: {{ .Values.config.capi.baseBranch | quote }}
+  USE_K8S_CACHED_CLIENTS: {{.Values.global.useK8sCachedClients | quote }}
   {{- /* build up the support auth methods string, should look like "oidc,user-account" */ -}}
   {{- $authMethods := list }}
   {{- if .Values.config.auth.userAccount.enabled -}}{{- $authMethods = append $authMethods "user-account"  -}}{{- end }}
@@ -35,4 +36,4 @@ data:
   {{- if and .Values.tls.enabled .Values.tls.secretName }}
   TLS_CERT_FILE: /etc/clusters-service-tls/tls.crt
   TLS_PRIVATE_KEY: /etc/clusters-service-tls/tls.key
-  {{- end }}
+  {{- end }}

charts/mccp/templates/rbac/clusters_service_customresourcedefinitions_reader_role.yaml

@@ -6,4 +6,4 @@ rules:
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
     # read used to detect if flagger is installed
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]

charts/mccp/templates/rbac/user_roles.yaml

@@ -26,19 +26,19 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["secrets", "pods", "services"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: ["apps"]
     resources: ["deployments", "replicasets"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: ["kustomize.toolkit.fluxcd.io"]
     resources: ["kustomizations"]
-    verbs: ["get", "list", "patch"]
+    verbs: ["get", "list", "watch", "patch"]
   - apiGroups: ["helm.toolkit.fluxcd.io"]
     resources: ["helmreleases"]
-    verbs: ["get", "list", "patch"]
+    verbs: ["get", "list", "watch", "patch"]
   - apiGroups: ["source.toolkit.fluxcd.io"]
     resources: ["buckets", "helmcharts", "gitrepositories", "helmrepositories", "ocirepositories"]
-    verbs: ["get", "list", "patch"]
+    verbs: [ "get", "list", "watch", "patch" ]
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["get", "watch", "list"]
@@ -50,7 +50,7 @@ rules:
     verbs: ["get", "watch", "list", "patch"]
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -115,7 +115,7 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
-    verbs: ["get", "list", "create"]
+    verbs: ["get", "list", "watch", "create"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -129,7 +129,7 @@ metadata:
 rules:
   - apiGroups: ["pac.weave.works"]
     resources: ["policies"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["get", "watch", "list"]
@@ -146,7 +146,7 @@ metadata:
 rules:
   - apiGroups: ["flagger.app"]
     resources: ["canaries","metrictemplates"]
-    verbs: ["get", "list"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["get", "watch", "list"]

charts/mccp/values.yaml

@@ -141,3 +141,4 @@ networkPolicy:
 
 global:
   capiEnabled: true
+  useK8sCachedClients: false

cmd/clusters-service/app/server.go

@@ -132,6 +132,7 @@ type Params struct {
 	TLSKey                            string                    `mapstructure:"tls-key"`
 	NoTLS                             bool                      `mapstructure:"no-tls"`
 	DevMode                           bool                      `mapstructure:"dev-mode"`
+	UseK8sCachedClients               bool                      `mapstructure:"use-k8s-cached-clients"`
 }
 
 type OIDCAuthenticationOptions struct {
@@ -204,6 +205,7 @@ func NewAPIServerCommand(log logr.Logger, tempDir string) *cobra.Command {
 	cmd.Flags().Duration("oidc-token-duration", time.Hour, "The duration of the ID token. It should be set in the format: number + time unit (s,m,h) e.g., 20m")
 
 	cmd.Flags().Bool("dev-mode", false, "starts the server in development mode")
+	cmd.Flags().Bool("use-k8s-cached-clients", true, "Enables the use of cached clients")
 
 	return cmd
 }
@@ -396,12 +398,17 @@ func StartServer(ctx context.Context, log logr.Logger, tempDir string, p Params)
 	runtimeUtil.Must(pipelinev1alpha1.AddToScheme(clustersManagerScheme))
 	runtimeUtil.Must(tfctrl.AddToScheme(clustersManagerScheme))
 
+	clientsFactory := clustersmngr.CachedClientFactory
+	if !p.UseK8sCachedClients {
+		clientsFactory = clustersmngr.ClientFactory
+	}
+
 	clustersManager := clustersmngr.NewClustersManager(
 		mcf,
 		nsaccess.NewChecker(nsaccess.DefautltWegoAppRules),
 		log,
 		clustersManagerScheme,
-		clustersmngr.NewClustersClientsPool,
+		clientsFactory,
 		clustersmngr.DefaultKubeConfigOptions,
 	)
 	clustersManager.Start(ctx)

go.mod

@@ -15,7 +15,7 @@ require (
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.5.0
 	github.com/stretchr/testify v1.8.0
-	github.com/weaveworks/weave-gitops v0.10.0
+	github.com/weaveworks/weave-gitops v0.10.1-0.20221017171530-29971f9a3686
 	github.com/weaveworks/weave-gitops-enterprise-credentials v0.0.2
 	github.com/weaveworks/weave-gitops-enterprise/common v0.0.0
 	gopkg.in/yaml.v3 v3.0.1 // indirect
@@ -48,7 +48,7 @@ require (
 	github.com/mkmik/multierror v0.3.0
 	github.com/onsi/ginkgo/v2 v2.1.6
 	github.com/spf13/viper v1.12.0
-	github.com/weaveworks/cluster-controller v1.3.2
+	github.com/weaveworks/cluster-controller v1.4.0
 	github.com/weaveworks/go-checkpoint v0.0.0-20220223124739-fd9899e2b4f2
 	github.com/weaveworks/policy-agent/api v1.0.4
 	github.com/weaveworks/progressive-delivery v0.0.0-20220915081124-d9f0c4063521

go.sum

@@ -1347,8 +1347,10 @@ github.com/valyala/fasthttp v1.30.0/go.mod h1:2rsYD01CKFrjjsvFxx75KlEUNpWNBY9JWD
 github.com/valyala/quicktemplate v1.7.0/go.mod h1:sqKJnoaOF88V07vkO+9FL8fb9uZg/VPSJnLYn+LmLk8=
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/viki-org/dnscache v0.0.0-20130720023526-c70c1f23c5d8/go.mod h1:dniwbG03GafCjFohMDmz6Zc6oCuiqgH6tGNyXTkHzXE=
-github.com/weaveworks/cluster-controller v1.3.2 h1:MBM2u5KDHhizXyx0oEByPXejgvg9e1qTQZuYtXgRVrI=
-github.com/weaveworks/cluster-controller v1.3.2/go.mod h1:e0Bka2iXVITQG+cG7/u8ZOB5QTaguMmgg+n5nrYaqxQ=
+github.com/weaveworks/cluster-controller v1.3.3-0.20221011162507-f8e726094d4b h1:STpHllhYZPyrnJT2bH7d/nRpZ7bh5dWu1s3MZTZH98k=
+github.com/weaveworks/cluster-controller v1.3.3-0.20221011162507-f8e726094d4b/go.mod h1:NrgkuiyejE2nizsiXNeqaNWfVhpvG2SlAiWHnxKIS4U=
+github.com/weaveworks/cluster-controller v1.4.0 h1:AFvWGm3Lpad6zcbx4IMOvsv1vzUIXnevNScv9pI/D00=
+github.com/weaveworks/cluster-controller v1.4.0/go.mod h1:NrgkuiyejE2nizsiXNeqaNWfVhpvG2SlAiWHnxKIS4U=
 github.com/weaveworks/go-checkpoint v0.0.0-20220223124739-fd9899e2b4f2 h1:EWUmjQdHzmBimPxGIus5JOvNPu+tWxOTC+Q4w9fJOok=
 github.com/weaveworks/go-checkpoint v0.0.0-20220223124739-fd9899e2b4f2/go.mod h1:HfUHaw/CuYj2phXCM9etFQwvOQ3W0786feIEs9OMFHk=
 github.com/weaveworks/pipeline-controller/api v0.0.0-20220916165727-cb8504f08c22 h1:Nn0uFFztrATEyTIwYd0yLXKk7Ee9Ndx6P3DFZsU4TxU=
@@ -1359,8 +1361,8 @@ github.com/weaveworks/progressive-delivery v0.0.0-20220915081124-d9f0c4063521 h1
 github.com/weaveworks/progressive-delivery v0.0.0-20220915081124-d9f0c4063521/go.mod h1:ib0H6jkIMkHnz/2BpE2Lvj/D6xwhiieiWjUwAcoZ+Oo=
 github.com/weaveworks/tf-controller/api v0.0.0-20220829140311-2391c1d66e7c h1:mbiOaxEammDTQX0wWZdJ6cfIgGqP7Zf3zyF+qbeTG0s=
 github.com/weaveworks/tf-controller/api v0.0.0-20220829140311-2391c1d66e7c/go.mod h1:I+QGICmh0CMNJnbJamO6+tfdHvOrceMQdYZcj2AzBVA=
-github.com/weaveworks/weave-gitops v0.10.0 h1:2P6kpzlaJ5Tig2KoUdoQ10yacrzMz4YFQpyGNOeOkb4=
-github.com/weaveworks/weave-gitops v0.10.0/go.mod h1:aN9coD172ZhF7xdRFMSxIE3Zi6+W2b2usDZcqskS5rM=
+github.com/weaveworks/weave-gitops v0.10.1-0.20221017171530-29971f9a3686 h1:T4YL+fhheLpkW9shiktIiBVCgj5fcAlDFxcjHrCr1OQ=
+github.com/weaveworks/weave-gitops v0.10.1-0.20221017171530-29971f9a3686/go.mod h1:p6+/3shchN5kCMRZ6L47cd59PEPijQ8wehhFFDKV3fs=
 github.com/weaveworks/weave-gitops-enterprise-credentials v0.0.2 h1:7jeiQehqmI4ds6YIq8TW1Vqhlb6V7G2BVRJ8VM3r99I=
 github.com/weaveworks/weave-gitops-enterprise-credentials v0.0.2/go.mod h1:6PMYg+VtSNePnP7EXyNG+/hNRNZ3r0mQtolIZU4s/J0=
 github.com/xanzy/go-gitlab v0.73.1 h1:UMagqUZLJdjss1SovIC+kJCH4k2AZWXl58gJd38Y/hI=

internal/entesting/grpc.go

@@ -39,7 +39,7 @@ func MakeGRPCServer(t *testing.T, cfg *rest.Config, k8sEnv *testutils.K8sTestEnv
 		&nsChecker,
 		log,
 		nil,
-		clustersmngr.NewClustersClientsPool,
+		clustersmngr.ClientFactory,
 		clustersmngr.DefaultKubeConfigOptions,
 	)