Closed squaremo closed 1 year ago
Do we still need to watch secrets?
Do we still need to watch secrets?
Good spot :detective: Probably not, but let me verify that.
Do we still need to watch secrets?
Good spot detective Probably not, but let me verify that.
The controller doesn't watch them (in SetupWithManager
), and the controller-runtime doesn't need watch
if it's not implicitly caching the resources -> logically, watch
is not needed. I've removed it from the kubebuilder annotations.
Fixes #23.
As explained in https://github.com/kubernetes-sigs/controller-runtime/pull/1249, the controller-runtime client will tend to use LIST and WATCH to cache resources requested by the controller. This has two downsides:
This change fixes those problems, with the trade-off that all Secret and ConfigMap requests use a round-trip to the Kubernetes API server.
This follows https://github.com/fluxcd/source-controller/pull/989. There, a feature flag can be used to restore caching for Secrets and ConfigMaps; I have not included the feature flag, since this controller is much younger and doesn't have an established behaviour.