You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Does this enhancement require public documentation?
I have added an Acceptance Criteria item for adding and/or adjusting public documentation (if applicable)
Problem Statement
In KIC 3.2 we made labeling Secrets (Plugin config and credentials) obligatory from the standpoint of the default ValidatingWebhookConfiguration we provide - meaning that Secrets that are not labeled with our custom labels (konghq.com/validate and konghq.com/credential) are not going to be validated by the validating webhook (#5856). We still didn't make the labels obligatory to make them visible by KIC's reconcile loops as we cache Secrets with no filters.
This issue is the next step in making the labels required - this time not only for the validation but also for making them be cached and reconciled by KIC. That will allow avoiding issues where KIC fails to boot because of cache sync timeouts in environments with a high volume of Secrets that are not meant to be reconciled by KIC.
Is there an existing issue for this?
Does this enhancement require public documentation?
Problem Statement
In KIC 3.2 we made labeling Secrets (Plugin config and credentials) obligatory from the standpoint of the default
ValidatingWebhookConfiguration
we provide - meaning that Secrets that are not labeled with our custom labels (konghq.com/validate
andkonghq.com/credential
) are not going to be validated by the validating webhook (#5856). We still didn't make the labels obligatory to make them visible by KIC's reconcile loops as we cache Secrets with no filters.This issue is the next step in making the labels required - this time not only for the validation but also for making them be cached and reconciled by KIC. That will allow avoiding issues where KIC fails to boot because of cache sync timeouts in environments with a high volume of Secrets that are not meant to be reconciled by KIC.
Proposed Solution
SelectorsByObject
(✨ Add SelectorsByObject option to cache kubernetes-sigs/controller-runtime#1435) from controller-runtime to cache only properly labeled SecretsAdditional information
No response
Acceptance Criteria
konghq.com/credentials
,konghq.com/validate
)The text was updated successfully, but these errors were encountered: