Optimized resource retrieval for FetchEnvs (#383)

* optimized resource retrieval for FetchEnvs

* linting and testing fixes, package updates

* enable global cache of retrieved resources with ttl

* comment clarification

* typofix

* tweak logging

Author: carrolp

lib/FetchEnvs.js

@@ -27,6 +27,17 @@ const KIND_MAP = new Map([
   ['configMapKeyRef', 'ConfigMap']
 ]);
 
+const LRU = require('lru-cache');
+const LruOptions = {
+  maxSize: 100000, // the max cache size
+  sizeCalculation: (r) => { return( JSON.stringify(r).length ); }, // how to determine the size of a resource added to the cache
+  ttl: 1000 * 60 * 3,  // max time to cache (LRU does not directly enforce, but maxSize will eventually push them out)
+  updateAgeOnGet: false,  // Don't update ttl when an item is retrieved from cache
+  updateAgeOnHas: false,  // Don't update ttl when an item is checked in cache
+};
+const globalResourceCache = new LRU( LruOptions );
+const globalResourceCacheUsers = new Set();
+
 module.exports = class FetchEnvs {
 
   get [Symbol.toStringTag]() {
@@ -45,6 +56,71 @@ module.exports = class FetchEnvs {
     this.updateRazeeLogs = controllerObject.updateRazeeLogs ?
       ((logLevel, log) => { controllerObject.updateRazeeLogs(logLevel, log); }) :
       (() => { log.debug('\'updateRazeeLogs()\' not passed to fetchEnvs. will not update razeeLogs on failure to fetch envs'); });
+
+    const user = this.data?.object?.spec?.clusterAuth?.impersonateUser;
+    if( process.env.INSTANCE_FETCHENVS_CACHE_ONLY ) {
+      // Using `user` is not technically necessary for an instance-specific cache, but used for consistency
+      log.info( 'FetchEnvs.constructor using instance-specific resource cache' );
+      this.instanceCache = {};
+      this.resourceCache = {
+        has: (key) => {
+          const hit = Object.prototype.hasOwnProperty.call(this.instanceCache, `${user}/${key}`);
+          log.info( `FetchEnvs cache ${hit?'HIT':'MISS'}: '${user}/${key}'` );
+          return hit;
+        },
+        set: (key, value) => { this.instanceCache[`${user}/${key}`] = value; },
+        get: (key) => { return this.instanceCache[`${user}/${key}`]; },
+      };
+    }
+    else {
+      log.info( `FetchEnvs.constructor using global resource cache, ${globalResourceCache.size} resources currently cached (may be TTL expired)` );
+      this.resourceCache = {
+        has: (key) => {
+          const hit = globalResourceCache.has(`${user}/${key}`);
+          log.info( `FetchEnvs cache ${hit?'HIT':'MISS'}: '${user}/${key}'` );
+          return hit;
+        },
+        set: (key, value) => {
+          // When setting a key, keep track of users to allow later deletion
+          globalResourceCacheUsers.add( user );
+          globalResourceCache.set(`${user}/${key}`, value);
+          log.info( `FetchEnvs cached '${user}/${key}'` );
+        },
+        get: (key) => {
+          return globalResourceCache.get(`${user}/${key}`);
+        },
+      };
+    }
+  }
+
+  // This function needs to be called any time a watch on a potentially cached item is triggered by creation/update/poll, e.g. in the ReferencedResourceManager
+  // If it is not, the old resource may still be served from cache until the TTL expires
+  static updateInGlobalCache(resource) {
+    const cacheKey = [resource?.apiVersion, resource?.kind, resource?.metadata?.namespace, resource?.metadata?.name].join('/');
+    let updated = false;
+    // When updating a key, updating it for all users
+    for( const cacheUser of globalResourceCacheUsers ) {
+      if( globalResourceCache.has(`${cacheUser}/${cacheKey}`) ) {
+        globalResourceCache.set(`${cacheUser}/${cacheKey}`, resource);
+        updated = true;
+      }
+    }
+    if( updated ) log.info( `FetchEnvs cache updated for "*/${cacheKey}"` );
+  }
+
+  // This function needs to be called any time a watch on a potentially cached item is triggered by deletion, e.g. in the ReferencedResourceManager
+  // If it is not, the deleted resource may still be served from cache until the TTL expires
+  static deleteFromGlobalCache(resource) {
+    const cacheKey = [resource?.apiVersion, resource?.kind, resource?.metadata?.namespace, resource?.metadata?.name].join('/');
+    let deleted = false;
+    // When deleting a key, delete it for all users
+    for( const cacheUser of globalResourceCacheUsers ) {
+      if( globalResourceCache.has(`${cacheUser}/${cacheKey}`) ) {
+        globalResourceCache.delete(`${cacheUser}/${cacheKey}`);
+        deleted = true;
+      }
+    }
+    if( deleted ) log.info( `FetchEnvs cache deleted for "*/${cacheKey}"` );
   }
 
   #secretMapRef(conf) {
@@ -63,6 +139,13 @@ module.exports = class FetchEnvs {
     return this.#genericKeyRef(conf, 'configMapKeyRef');
   }
 
+  /*
+  @param[I] conf An object like `{ configMapRef: { name: 'asdf', namespace: 'asdf' } }`.
+  @param[I] valueFrom The name of the conf attribute containing resource details, e.g. `configMapRef`.
+  @param[I] decode A boolean indicating whether to base64 decode the values retrieved, e.g. from Secrets
+
+  @return An object like { configMapRef: { name: 'asdf', namespace: 'asdf' }, data: { key1: val1, ... } }
+  */
   async #genericMapRef(conf, valueFrom = 'genericMapRef', decode = false) {
     let resource;
     let kubeError = ERR_NODATA;
@@ -76,13 +159,22 @@ module.exports = class FetchEnvs {
       name
     } = ref;
 
-    const krm = await this.kubeClass.getKubeResourceMeta(apiVersion, kind, 'update');
+    const cacheKey = [apiVersion, kind, namespace, name].join('/');
+    if( this.resourceCache.has( cacheKey ) ) {
+      resource = this.resourceCache.get( cacheKey );
+    }
+    else {
+      const krm = await this.kubeClass.getKubeResourceMeta(apiVersion, kind, 'update');
 
-    if (krm) {
-      try {
-        resource = await krm.get(name, namespace);
-      } catch (error) {
-        kubeError = error;
+      if (krm) {
+        try {
+          resource = await krm.get(name, namespace);
+          if( resource ) {
+            this.resourceCache.set( cacheKey, resource ); // Cache this resource
+          }
+        } catch (error) {
+          kubeError = error;
+        }
       }
     }
 
@@ -108,6 +200,14 @@ module.exports = class FetchEnvs {
     return { ...conf, data };
   }
 
+  /*
+  @param[I] conf An object like `{ default: '{default:true}', overrideStrategy: 'merge', configMapRef: { name: 'asdf', namespace: 'asdf', key: 'asdf', type: 'json' } }`
+  - name, namespace, and matchLabels identify the resource
+  - key identifies the data inside the resource
+  - type identifies how to typecast the value
+
+  @return The discovered value
+  */
   async #genericKeyRef(conf, valueFrom = 'genericKeyRef', decode = false) {
     let response;
     let kubeError = ERR_NODATA;
@@ -125,36 +225,52 @@ module.exports = class FetchEnvs {
       apiVersion = 'v1'
     } = ref;
 
-    const krm = await this.kubeClass.getKubeResourceMeta(
-      apiVersion,
-      kind,
-      'update'
-    );
-
     const matchLabelsQS = labelSelectors(matchLabels);
 
-    if (krm) {
-      try {
-        response = await this.api({
-          uri: krm.uri({ namespace, name }),
-          json: true,
-          qs: matchLabelsQS
-        });
-      } catch (error) {
-        kubeError = error;
+    const cacheKey = [apiVersion, kind, namespace, name].join('/');
+    // Note: Using `matchLabels` will always result in a kube api call, label-based queries cannot use the resourceCache
+    if( !matchLabelsQS && this.resourceCache.has(cacheKey) ) {
+      response = this.resourceCache.get(cacheKey);
+    }
+    else {
+      const krm = await this.kubeClass.getKubeResourceMeta(apiVersion, kind, 'update');
+
+      if (krm) {
+        try {
+          response = await this.api({
+            uri: krm.uri({ namespace, name }),
+            json: true,
+            qs: matchLabelsQS
+          });
+          // Note: cache here only if getting a single resource
+          if( response?.data && !response?.items ) {
+            this.resourceCache.set(cacheKey, response);
+          }
+        } catch (error) {
+          kubeError = error;
+        }
       }
     }
 
     let value = response?.data?.[key];
 
+    // If matching by labels, there can be multiple matching resources.
+    // Reduce to a single value via the specified strategy ('merge' combines objects, otherwise a single value is picked).
     if (typeof matchLabelsQS === OBJECT) {
+      // Cache here if there are multiple retrieved resources
+      if( response?.items ) {
+        response.items.forEach(function (item) {
+          const cacheKey = [item.apiVersion, item.kind, item.metadata.namespace, item.metadata.name].join('/');
+          this.resourceCache.set(cacheKey, item);
+        }, this);
+      }
       const output = response?.items.reduce(
         reduceItemList(ref, strategy, decode),
         Object.create(null)
       );
 
       value = output?.[key];
-      decode = false;
+      decode = false; // 'decode' was used in the reduceItemList, set to false to avoid double-decoding.
     }
 
     if (value === undefined) {
@@ -182,9 +298,15 @@ module.exports = class FetchEnvs {
     return typeCast(name, value, type);
   }
 
+  /*
+  Retrieve all values from specified kube resources.
+
+  @param[I] envs Array of objects like `[ { configMapRef: { ... }, ... } ]`
 
-  processEnvFrom(envFrom) {
-    return Promise.all(envFrom.map((element) => {
+  @return Array of objects like ``[ { configMapRef: { ... }, data: { key1: val1, key2: val2, ... } }, ... ]``
+  */
+  async processEnvFrom(envFrom) {
+    const retVal = await Promise.all(envFrom.map((element) => {
       const { configMapRef, secretMapRef, genericMapRef } = element;
 
       if (!configMapRef && !secretMapRef && !genericMapRef) {
@@ -195,25 +317,44 @@ module.exports = class FetchEnvs {
       if (secretMapRef) return this.#secretMapRef(element);
       return this.#genericMapRef(element);
     }));
+    return( retVal );
   }
 
-  #processEnv(envs) {
-    return Promise.all(envs.map(async (env) => {
-      if (env.value) return env;
-      const valueFrom = env.valueFrom || {};
-      const { genericKeyRef, configMapKeyRef, secretKeyRef } = valueFrom;
+  /*
+  Retrieve specific values from specified kube resources.
+
+  Each env is retrieved and processed sequentially so that caching can take place.
+  If Promise.all were used, multiple requests for the same resource would be sent
+  in parallel and caching would be unable to assist.  The return value is an array
+  as if from Promise.all.
 
-      if (!genericKeyRef && !configMapKeyRef && !secretKeyRef) {
-        throw new Error(`oneOf genericKeyRef, configMapKeyRef, secretKeyRef must be defined. Got: ${JSON.stringify(env)}`);
+  @param[I] envs Array of objects like `[ { configMapKeyRef: { ... }, ... } ]`
+
+  @return Array of objects like `[ { configMapKeyRef: { ... }, value: asdf }, ... ]`
+  */
+  async #processEnv(envs) {
+    const retVal = [];
+    for( const env of envs ) {
+      if (env.value) {
+        retVal.push( env );
       }
+      else {
+        const valueFrom = env.valueFrom || {};
+        const { genericKeyRef, configMapKeyRef, secretKeyRef } = valueFrom;
 
-      let value;
-      if (secretKeyRef) value = await this.#secretKeyRef(env);
-      if (configMapKeyRef) value = await this.#configMapKeyRef(env);
-      if (genericKeyRef) value = await this.#genericKeyRef(env);
+        if (!genericKeyRef && !configMapKeyRef && !secretKeyRef) {
+          throw new Error(`oneOf genericKeyRef, configMapKeyRef, secretKeyRef must be defined. Got: ${JSON.stringify(env)}`);
+        }
 
-      return { ...env, value };
-    }));
+        let value;
+        if (secretKeyRef) value = await this.#secretKeyRef(env);
+        if (configMapKeyRef) value = await this.#configMapKeyRef(env);
+        if (genericKeyRef) value = await this.#genericKeyRef(env);
+
+        retVal.push( { ...env, value } );
+      }
+    }
+    return retVal;
   }
 
   #processEnvSourceSimpleLinks(envs) {
@@ -225,21 +366,31 @@ module.exports = class FetchEnvs {
     }));
   }
 
+  /*
+  Retrieve values specified in spec.envFrom and spec.env elements
+
+  @param[I] path path to the env and envFrom elements in the resource
+
+  @return A map of keys to values
+  */
   async get(path = 'spec') {
     let result = {};
     // removes any number of '.' at the start and end of the path, and
     // removes the '.env' or '.envFrom' if the paths ends in either
     path = path.replace(/^\.*|\.*$|(\.envFrom\.*$)|(\.env\.*$)/g, '');
 
     let envFrom = objectPath.get(this.data, `object.${path}.envFrom`, []);
+
     envFrom = await this.processEnvFrom(envFrom);
     for (const env of envFrom) {
       const data = env?.data ?? {};
       result = { ...result, ...data };
     }
 
-    const env = objectPath.get(this.data, `object.${path}.env`, []);
-    return (await this.#processEnv(env)).reduce(reduceEnv, result);
+    let env = objectPath.get(this.data, `object.${path}.env`, []);
+
+    env = await this.#processEnv(env);
+    return (env).reduce(reduceEnv, result);
   }
 
   async getSourceSimpleLinks(path = 'spec') {
@@ -319,6 +470,17 @@ function labelSelectors(query) {
   };
 }
 
+/*
+Cast the specified value to the indicated type.  The value is returned unmodified if:
+- 'type' is not specified
+- 'value' is null or not a string
+
+@param[I] name The name of the reference from which the value was obtained.  Used only in generating error text in case of JSON parsing errors.
+@param[I] value The string value to typecast.
+@param[I] type How to typecast the value.
+
+@return Value, cast to the indicated type (e.g. number, boolean, json, base64 decoded string )
+*/
 function typeCast(name, value, type) {
   if (!type) return value;
   if (value == null) return;

lib/ReferencedResourceManager.js

@@ -81,6 +81,14 @@ module.exports = class ReferencedResourceManager {
 
       this._logger.info(`${this._data.type} event received ${this._selfLink} ${objectPath.get(this._data, 'object.metadata.resourceVersion')}`);
 
+      // Update or remove the resource from the FetchEnvs cache so that later FetchEnvs instances will use a fresh copy
+      if( [ 'ADDED', 'POLLED', 'MODIFIED' ].includes( this._data.type ) ) {
+        FetchEnvs.updateInGlobalCache( objectPath.get(this._data, 'object') );
+      }
+      else {
+        FetchEnvs.deleteFromGlobalCache( objectPath.get(this._data, 'object') );
+      }
+
       let clusterLocked = await this._cluster_locked();
       if (clusterLocked) {
         this._logger.info(`Cluster lock has been set.. skipping ${this._data.type} event ${this._selfLink} ${objectPath.get(this._data, 'object.metadata.resourceVersion')}`);