Decouple sync between a foreground and background reconciler
This foreground/background separation is necessary because it takes too long to refresh status with each reconciliation
(controller default SyncPeriod
is 10h, and re-sync all ApplicationRegistration
on webeos
cluster with 5k ApplicationRegistration
would take >20m
during which time site creation from webservices portal fails, because it times out waiting for ApplicationRegistration
to be Created
- cf. INC3490535).
We went with 2 instances of the ApplicationRegistrationReconciler
operating in different modes, rather than 2 separate controllers, to allow
the foreground/background separation while minimizing changes to the existing logic.
I plan to proceed like this:
- once this is merged I will upgrade the operator-sdk (which needs to move lots of files, so won't do it until this MR is merged - in case changes are needed)
- only after upgrading the SDK and removing the
For
watch of the background reconciler, I'll perform perf tests with several k projects on a dev cluster - then create a MR on okd4-install to deploy the new version of the authz operator. the okd4-install MR will need
- small update to the Project templates to explicitly set the
delete-app-from-authz-api
finalizer explicitly on newApplicationRegistration
- and for existing
ApplicationRegistration
, I will write post-deployment actions to update existing finalizers
- small update to the Project templates to explicitly set the