The Rule struct that is used in policies and profiles has grown very large over time. With allocation overheads, policies end up using approximately 1KB per rule, which is excessive.
In the active rules calculator, store inactive policies in a compressed format; first encoding them as JSON, then compressing with "snappy", a lightweight and high-speed compression algorithm. The data is already marked up for JSON serialisation (as used by Typha to serialise the stream to Felix) so this should be very safe. Unpack the policies on demand.
In the policy resolver, avoid storing the whole policy and extract the needed metadata in a compact struct. Simplify the policy sorter by replacing nil with +Inf, which sorts exactly as we want. This avoids boxing a float; it can be stored directly in the struct instead.
Related issues/PRs
Todos
[ ] Tests
[ ] Documentation
[ ] Release note
Release Note
Felix now compresses network policies and namespaces in memory, reducing RAM usage in clusters with many policies/namespaces that are not active on a given node.
Reminder for the reviewer
Make sure that this PR has the correct labels and milestone set.
Every PR needs one docs-* label.
docs-pr-required: This change requires a change to the documentation that has not been completed yet.
docs-completed: This change has all necessary documentation completed.
docs-not-required: This change has no user-facing impact and requires no docs.
Every PR needs one release-note-* label.
release-note-required: This PR has user-facing changes. Most PRs should have this label.
release-note-not-required: This PR has no user-facing changes.
Other optional labels:
cherry-pick-candidate: This PR should be cherry-picked to an earlier release. For bug fixes only.
needs-operator-pr: This PR is related to install and requires a corresponding change to the operator.
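The two techniques described above, as an added Go example that is not taken from this PR or from Felix's code base: a policy is packed as compressed JSON and unpacked on demand, and an unset order becomes +Inf as a sort key. `Policy`, `Pack`, `Unpack` and `SortKey` are hypothetical names, and the standard library's `compress/flate` stands in for snappy so the block has no third-party dependency.

```go
package main

import (
	"bytes"
	"compress/flate"
	"encoding/json"
	"fmt"
	"math"
)

// Policy is a hypothetical stand-in for the full policy; nil Order means unset.
type Policy struct {
	Name  string   `json:"name"`
	Order *float64 `json:"order,omitempty"`
	Rules []string `json:"rules"`
}

// Pack encodes p as JSON and compresses it (flate stands in for snappy here).
func Pack(p Policy) ([]byte, error) {
	raw, err := json.Marshal(p)
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.BestSpeed) // fails only on an invalid level
	w.Write(raw)                                   // writes to a bytes.Buffer do not fail
	err = w.Close()                                // flush before reading buf
	return buf.Bytes(), err
}

// Unpack reverses Pack on demand, for example when a policy becomes active.
func Unpack(b []byte) (p Policy, err error) {
	err = json.NewDecoder(flate.NewReader(bytes.NewReader(b))).Decode(&p)
	return p, err
}

// SortKey maps an unset order to +Inf, which sorts after every explicit order.
// The sentinel is in-memory only: encoding/json refuses to marshal +Inf.
func SortKey(p Policy) float64 {
	if p.Order == nil {
		return math.Inf(1)
	}
	return *p.Order
}

func main() {
	b, err := Pack(Policy{Name: "allow-dns", Rules: []string{"udp:53"}}) // constructed sample
	p, _ := Unpack(b)
	fmt.Println(len(b), err, p.Name, SortKey(p))
}
```

Because JSON has no representation for infinity, the serialised form keeps the optional order as a pointer and only the compact sort key uses +Inf.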