Improve controller-runtime cache configuration (#1718)

* feat: tune controller-runtime cache - remove managed fields, as they are not used directly by the operator code - add Pods to the list of uncached objects as they may have an high cardinality - add Group to the list of uncached objects, since such objects are only created once * chore: replace Group GET+CREATE with just CREATE
opendatahub-io · Mar 7, 2025 · 6b2dcfc · 6b2dcfc
1 parent 0145664
commit 6b2dcfc
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 10 deletions.
diff --git a/controllers/dscinitialization/utils.go b/controllers/dscinitialization/utils.go
@@ -418,16 +418,10 @@ func (r *DSCInitializationReconciler) createUserGroup(ctx context.Context, dscIn
 		// Otherwise is errors with "error": "Group.user.openshift.io \"odh-admins\" is invalid: users: Invalid value: \"null\": users in body must be of type array: \"null\""}
 		Users: []string{},
 	}
-	err := r.Client.Get(ctx, client.ObjectKeyFromObject(userGroup), userGroup)
-	if err != nil {
-		if k8serr.IsNotFound(err) {
-			err = r.Client.Create(ctx, userGroup)
-			if err != nil && !k8serr.IsAlreadyExists(err) {
-				return err
-			}
-		} else {
-			return err
-		}
+
+	err := r.Client.Create(ctx, userGroup)
+	if err != nil && !k8serr.IsAlreadyExists(err) {
+		return err
 	}
 
 	return nil

diff --git a/main.go b/main.go
@@ -43,6 +43,7 @@ import (
 	networkingv1 "k8s.io/api/networking/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -260,6 +261,14 @@ func main() { //nolint:funlen,maintidx,gocyclo
 			&rbacv1.ClusterRoleBinding{}:             {},
 			&securityv1.SecurityContextConstraints{}: {},
 		},
+		DefaultTransform: func(in any) (any, error) {
+			// Nilcheck managed fields to avoid hitting https://github.com/kubernetes/kubernetes/issues/124337
+			if obj, err := meta.Accessor(in); err == nil && obj.GetManagedFields() != nil {
+				obj.SetManagedFields(nil)
+			}
+
+			return in, nil
+		},
 	}
 
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ // single pod does not need to have LeaderElection
@@ -291,6 +300,8 @@ func main() { //nolint:funlen,maintidx,gocyclo
 					&ofapiv1alpha1.Subscription{},
 					resources.GvkToUnstructured(gvk.ServiceMeshControlPlane),
 					&authorizationv1.SelfSubjectRulesReview{},
+					&corev1.Pod{},
+					&userv1.Group{},
 				},
 				// Set it to true so the cache-backed client reads unstructured objects
 				// or lists from the cache instead of a live lookup.