Open KevinJoiner opened 1 year ago
There's an initial investigation on removing norman entirely (see confluence). That lists what norman resources we use what their subscription affects. Note - that list doesn't include auth config for specific providers from above that we should also include (oidcConfig, keyCloakOIDCConfig, keyCloakConfigetc, etc). There may be others i've missed so need to review.
This would be a tiny change, large test but great performance improvement. We just need to be super careful about the list of resources to subscribe to.
As part of this we should also not send watch/unwatch messages to the norman socket
@richard-cox is this is still relevant for the current work on peformance improvements? Otherwise, can we push this out to Q3?
@gaktive This would be really good to do performance wise (frontend, but mostly backend). There's a medium level of risk in that we need to ensure no resource is missed. It wouldn't take long to implement.
However it's not linked to anything we've specifically committed to delivering and could be a candidate to bump.
Potentially related: https://jira.suse.com/browse/SURE-6952
We will push back on this once we know the future of the Norman API but we will focus on the Steve API first.
Setup
Describe the bug
Currently, The Dashboard opens a WebSocket to Norman to track resource changes using
v3/subscribe
. Rancher will start a watch command to k8s for 77 different CRDs to support this request. The Dashboard may only need change event information for some of these resources. Thus extra resources are being consumed by Rancher to watch CRDs that are not used. As well as extra resources needed by the Dashboard to handle resource changes that are not needed. The Dashboard can limit updates to only include required CRDS with the query parameterresourceTypes
. For example, to watch authconfig and users, the query would be/v3/subscribe?resourceType=authconfig&resourceType=user
.To Reproduce
/v3/subscribe
password-min-length
from 12 -> 11Result Setting changes is sent on the WebSocket
Expected Result Only changes for specific resources are sent on the WebSocket
Additional context The following CRDs are watched by default for a Norman Websocket with no query parameters.
projectCatalog, groupMember, roleTemplate, oidcConfig, clusterMonitorGraph, cisBenchmarkVersion, user, cloudCredential, node, shibbolethConfig, managementSecret, nodeDriver, clusterScan, preference, authConfig, template, clusterRegistrationToken, kontainerDriver, rkeAddon, clusterAlertGroup, clusterRoleTemplateBinding, podSecurityPolicyTemplateProjectBinding, composeConfig, cisConfig, rancherUserNotification, samlToken, clusterAlert, globalDnsProvider, freeIpaConfig, cluster, adfsConfig, project, activeDirectoryConfig, localConfig, catalogTemplateVersion, userAttribute, projectNetworkPolicy, projectAlert, podSecurityPolicyTemplate, pingConfig, projectAlertRule, clusterAlertRule, token, setting, dynamicSchema, clusterTemplateRevision, githubConfig, notifier, projectAlertGroup, projectRoleTemplateBinding, keyCloakConfig, etcdBackup, openLdapConfig, rkeK8sSystemImage, globalRoleBinding, rkeK8sServiceOption, multiClusterApp, catalog, nodeTemplate, templateContent, keyCloakOIDCConfig, clusterTemplate, group, azureADConfig, catalogTemplate, googleOauthConfig, oktaConfig, globalDns, globalRole, clusterCatalog, multiClusterAppRevision, fleetWorkspace, feature, nodePool, projectMonitorGraph, templateVersion, monitorMetric