Skip to content

Perf/daemonset hot path#1046

Merged
beneiltis merged 9 commits into
developfrom
perf/daemonset-hot-path
Jul 3, 2026
Merged

Perf/daemonset hot path#1046
beneiltis merged 9 commits into
developfrom
perf/daemonset-hot-path

Conversation

@beneiltis

Copy link
Copy Markdown
Contributor

No description provided.

beneiltis and others added 9 commits July 3, 2026 14:15
FindPrometheusService ran a full keyspace scan + deserialization of
every service per chart query; Alertmanager/sealed-secrets/LB-IP
discovery did the same. A shared 30s TTL cache bounds that to one scan
per interval. Moves ttlCache from core to utils for reuse.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
GetUnstructuredNamespaceResourceList ran a full keyspace SCAN per
watched kind (80-150 kinds) on every namespace-scoped query. Now a
single namespace-pattern scan selects keys, filters apiVersion/kind
from the key segments (authoritative, written from the watcher's
ResourceDescriptor) and fetches via chunked MGET.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The container enumerator loaded and deserialized every pod in the
cluster on every node every few seconds just to filter to its own
node. SetResourceWithIndex now maintains a per-node SET of pod keys
(same MULTI/EXEC), read via SMEMBERS + chunked MGET with a full-scan
fallback while the index is empty. Also removes the dead AllPodsOnNode
helper and skips expired keys in MGET batches instead of failing.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
get/nodes-metrics fetched cpu/memory/traffic with 3 sequential GETs
per node on every dashboard poll; now one MGET for all nodes.
GetWorkspaceResources deduplicated via linear scan of the accumulated
result under the mutex (O(n²), serializing all workers); now a seen-set
with the same namespace/name semantics.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The whitelist was passed as prefix keys (no name segment) into
GetObjectsByPattern's exact-match keyword filter, so no key ever
matched and helm release workloads resolved to an empty list. Now
routed through the key-segment kind filter. GetResourcesByNamespace-
AndKinds returns an error instead of taking a logger.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
RBAC path-segment names (system:controller:bootstrap-signer et al.)
broke the 5-segment split assumption and were silently dropped from
namespace-scoped results. SplitN keeps colons inside the name segment;
covered by a table test.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The metrics loop iterated baseDeviceInfos by value, so appending the
baseline for an interface discovered after registration wrote to a
copy. Those interfaces were re-baselined to "now" every tick and never
reported traffic in the procdev fallback.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
getCpuUsageInfo leaked one file descriptor per process per second
(reclaimed only by GC finalizers) and allocated a fresh 5KiB buffer
per read.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- cgroup match selection tracks the best candidate inline instead of
  collecting every regex match into a slice (runs per PID per pass)
- meminfo parsing iterates lines without splitting the whole file
- loopback filter without a throwaway slice literal per interface

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@beneiltis beneiltis force-pushed the perf/daemonset-hot-path branch from 416a144 to 0bc8bb0 Compare July 3, 2026 12:53
@beneiltis beneiltis merged commit 3fa11fc into develop Jul 3, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant