From ca7db0e330ff36f5b8a76586e2466bdc65585f90 Mon Sep 17 00:00:00 2001 From: Sylvain Rabot Date: Tue, 13 Oct 2020 16:37:45 +0200 Subject: [PATCH] Filter out secrets that belong to Helm Signed-off-by: Sylvain Rabot --- internal/ingress/controller/store/store.go | 34 +++++++++++++++++++--- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 1d71fddac8..584a1c7e78 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -30,6 +30,7 @@ import ( corev1 "k8s.io/api/core/v1" networkingv1beta1 "k8s.io/api/networking/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/fields" k8sruntime "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" @@ -253,7 +254,7 @@ func New( // If you happen to have a lot of HELM releases in the cluster it will make // the memory consumption of nginx-ingress-controller explode. // In order to avoid that we filter out labels OWNER=TILLER. - tweakListOptionsFunc := func(options *metav1.ListOptions) { + labelsTweakListOptionsFunc := func(options *metav1.ListOptions) { if len(options.LabelSelector) > 0 { options.LabelSelector += ",OWNER!=TILLER" } else { @@ -261,10 +262,35 @@ func New( } } + // As of HELM >= v3 helm releases are stored using Secrets instead of ConfigMaps. + // In order to avoid listing those secrets we discard type "helm.sh/release.v1" + secretsTweakListOptionsFunc := func(options *metav1.ListOptions) { + helmAntiSelector := fields.OneTermNotEqualSelector("type", "helm.sh/release.v1") + baseSelector, err := fields.ParseSelector(options.FieldSelector) + + if err != nil { + options.FieldSelector = helmAntiSelector.String() + } else { + options.FieldSelector = fields.AndSelectors(baseSelector, helmAntiSelector).String() + } + } + // create informers factory, enable and assign required informers infFactory := informers.NewSharedInformerFactoryWithOptions(client, resyncPeriod, informers.WithNamespace(namespace), - informers.WithTweakListOptions(tweakListOptionsFunc)) + ) + + // create informers factory for configmaps + infFactoryConfigmaps := informers.NewSharedInformerFactoryWithOptions(client, resyncPeriod, + informers.WithNamespace(namespace), + informers.WithTweakListOptions(labelsTweakListOptionsFunc), + ) + + // create informers factory for secrets + infFactorySecrets := informers.NewSharedInformerFactoryWithOptions(client, resyncPeriod, + informers.WithNamespace(namespace), + informers.WithTweakListOptions(secretsTweakListOptionsFunc), + ) store.informers.Ingress = infFactory.Networking().V1beta1().Ingresses().Informer() store.listers.Ingress.Store = store.informers.Ingress.GetStore() @@ -272,10 +298,10 @@ func New( store.informers.Endpoint = infFactory.Core().V1().Endpoints().Informer() store.listers.Endpoint.Store = store.informers.Endpoint.GetStore() - store.informers.Secret = infFactory.Core().V1().Secrets().Informer() + store.informers.Secret = infFactorySecrets.Core().V1().Secrets().Informer() store.listers.Secret.Store = store.informers.Secret.GetStore() - store.informers.ConfigMap = infFactory.Core().V1().ConfigMaps().Informer() + store.informers.ConfigMap = infFactoryConfigmaps.Core().V1().ConfigMaps().Informer() store.listers.ConfigMap.Store = store.informers.ConfigMap.GetStore() store.informers.Service = infFactory.Core().V1().Services().Informer()