Add RBAC for endpoint slices for functions and leases for LeaderElection #1160
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
EndpointSlices are more efficient than Endpoints at scale. Both editions of OpenFaaS Pro will gain support, and CE will continue to use Endpoints. Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
alexellis
force-pushed
the
slices_and_leases
branch
from
a2f8142 to
0d729f5
Compare
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
alexellis
force-pushed
the
slices_and_leases
branch
from
018ffe4 to
0339417
Compare
Pprof is already present in the operator, but required manual edits. This commit makes it available via values.yaml for easy use. Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
alexellis
force-pushed
the
slices_and_leases
branch
from
0339417 to
291ac3e
Compare
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
welteki
reviewed
Oct 18, 2023
| @@ -495,6 +495,8 @@ yaml) | | |||
| | `operator.image` | Container image used for the openfaas-operator | See [values.yaml](./values.yaml) | | |||
| | `operator.kubeClientQPS` | QPS rate-limit for the Kubernetes client, (OpenFaaS for Enterprises) | `""` (defaults to 100) | | |||
| | `operator.kubeClientBurst` | Burst rate-limit for the Kubernetes client (OpenFaaS for Enterprises) | `""` (defaults to 250) | | |||
| | `operator.reconcileWorkers` | Number of reconciliation workers to run to convert Function CRs into Deployments | `1` | | |||
| | `operator.leaderElection.enabled`| When set to true, only one replica of the operator within the gateway pod will perform reconciliation | `false` | | |||
There was a problem hiding this comment.
operator.reconcileQPS and operator.reconcileBurst should also be added to the configuration options.
| # expose the pprof endpoint, this cannot be used in production | ||
| # since it may bypass authentication, and should only be used | ||
| # for debugging purposes | ||
| pprof: false |
There was a problem hiding this comment.
I think we should also set default values for reconcileQPS and reconcileBurst.
|
Hi Han, I would agree that those options could be added at some point. Alex |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Add RBAC for endpoint slices for functions and leases for LeaderElection
EndpointSlices are more efficient than Endpoints at scale.
Both editions of OpenFaaS Pro will gain support, and CE will continue to use Endpoints.
Leader Election will be available in OpenFaaS Pro, in both editions. Only one of the replicas will perform reconciliation. All replicas will serve CRUD for Function/Secret, log tailing and invoke.
Why is this needed?
To prevent many unnecessary updates and writes to the same object, when multiple operators try to reconcile a Function CR into a Deployment/Service.
Who is this for?
For Patchworks to support scaling to large numbers of functions.
How Has This Been Tested?
Endpoint Slices have had E2E testing and work, but require testing during scaling with
heyLeaderElection is pending and will be added to the chart in this PR.
Types of changes