Skip to content

Commit

Permalink
CPU consumption improvement - Run `populateReferencedKubernetesServic…
Browse files Browse the repository at this point in the history
…es` only if egress is enabled
  • Loading branch information
omris94 committed Dec 22, 2024
1 parent 4e83663 commit 3729510
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 4 deletions.
12 changes: 8 additions & 4 deletions src/operator/effectivepolicy/groupreconciler.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
"github.com/otterize/intents-operator/src/operator/controllers/access_annotation"
"github.com/otterize/intents-operator/src/shared/errors"
"github.com/otterize/intents-operator/src/shared/injectablerecorder"
"github.com/otterize/intents-operator/src/shared/operatorconfig/enforcement"
"github.com/otterize/intents-operator/src/shared/serviceidresolver"
"github.com/otterize/intents-operator/src/shared/serviceidresolver/serviceidentity"
"github.com/samber/lo"
Expand All @@ -30,6 +31,7 @@ type GroupReconciler struct {
Scheme *runtime.Scheme
reconcilers []reconciler
serviceIdResolver *serviceidresolver.Resolver
egressEnabled bool
injectablerecorder.InjectableRecorder
}

Expand All @@ -39,6 +41,7 @@ func NewGroupReconciler(k8sClient client.Client, scheme *runtime.Scheme, service
Scheme: scheme,
serviceIdResolver: serviceIdResolver,
reconcilers: reconcilers,
egressEnabled: enforcement.GetConfig().EnableEgressNetworkPolicyReconcilers,
}
}

Expand Down Expand Up @@ -183,10 +186,11 @@ func (g *GroupReconciler) buildServiceEffectivePolicy(
for _, intent := range clientIntents.GetTargetList() {
serversFoundInClientIntents.Add(intent.ToServiceIdentity(clientIntents.Namespace))
call := Call{Target: intent, EventRecorder: recorder}

call, err = g.populateReferencedKubernetesServices(ctx, call, clientIntents, intent)
if err != nil {
return ServiceEffectivePolicy{}, errors.Wrap(err)
if g.egressEnabled {
call, err = g.populateReferencedKubernetesServices(ctx, call, clientIntents, intent)
if err != nil {
return ServiceEffectivePolicy{}, errors.Wrap(err)
}
}
calls = append(calls, call)

Expand Down
2 changes: 2 additions & 0 deletions src/operator/effectivepolicy/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ type ClientCall struct {

type Call struct {
v2alpha1.Target
// This is here as a workaround to make egress policies work in AWS VPC CNI which requires a rule matching the service's selector exactly in order to allow traffic to ClusterIP.
// it will be populated only if egress is enabled
ReferencingKubernetesServices []v1.Service
EventRecorder *injectablerecorder.ObjectEventRecorder
}
Expand Down

0 comments on commit 3729510

Please sign in to comment.