Allow customization of enableServiceLinks container attribute in tenant CRD

[mshanmu]

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] Currently, there is no way to customize enableServiceLinks container attribute in tenant object.

Describe the solution you'd like A clear and concise description of what you want to happen.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

[cesnietor]

context https://kubernetes.io/docs/tutorials/services/connect-applications-service/#accessing-the-service. @mshanmu could you please provide more context on your use case?

[mshanmu]

@cesnietor , Please check https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#pod-v1-core link, you will see an attribute named enableServiceLinks. Currently, there is NO way to specify this with tenant CRD. Since, tenant configuration creates the statefulset, the statefulset in turn creates the pod.

[pjuarezd]

Correct @mshanmu we see in the docs that the property is there and is enabled by default.

enableServiceLinks
boolean
EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.

Would you mind explain to us why you need to disable it? We would like to understand more of your use case

[mshanmu]

@pjuarezd , enableServiceLinks causes lot of service related enviornment variables to be injected into the pod, causing performance issues for us.

[pjuarezd]

Interesting, what performance Issues? can you share the details please @mshanmu ? I am trying to verify if we should disable enableServiceLinks by default, and help others having this same issue find the reason

[mshanmu]

@pjuarezd , As you can see, this was from last year August, I don't remember the performance issues. For now, we have used kyverno policy to disable it automatically.

[pjuarezd]

i get it, It would be nice to have the scenario documented but it's all right, thanks @mshanmu.

This is the kyverno policy in mention right? https://kyverno.io/policies/other/b-d/disable-service-discovery/disable-service-discovery/

It seems that also could benefit having te dnsPolicy available as well as per this other issue https://github.com/minio/operator/issues/1151

Let me check on the possible rammifications on change these settings, but so far I don't seem to find an issue with enableServiceLinks, however on dnsPolicies it will be useful to be able to configure the DNS resolution behavior.

Will check on both

[mshanmu]

@pjuarezd Yes, something similar to that one. Thanks for your help !!