<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
<base href="https://issues.jboss.org">
<title>Message Title</title>
</head>
<body class="jira" style="color: #333333; font-family: Arial, sans-serif; font-size: 14px; line-height: 1.429">
<table id="background-table" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt; background-color: #f5f5f5; border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt" bgcolor="#f5f5f5">
<!-- header here -->
<tbody>
<tr>
<td id="header-pattern-container" style="padding: 0px; border-collapse: collapse; padding: 10px 20px">
<table id="header-pattern" cellspacing="0" cellpadding="0" border="0" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt">
<tbody>
<tr>
<td id="header-avatar-image-container" valign="top" style="padding: 0px; border-collapse: collapse; vertical-align: top; width: 32px; padding-right: 8px" width="32"> <img id="header-avatar-image" class="image_fix" src="https://static.jboss.org/developer/gravatar/bd1946aafd256fc8796cd927befe1353?d=mm&s=48" height="32" width="32" border="0" style="border-radius: 3px; vertical-align: top"> </td>
<td id="header-text-container" valign="middle" style="padding: 0px; border-collapse: collapse; vertical-align: middle; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px; mso-line-height-rule: exactly; mso-text-raise: 1px"> <a class="user-hover" rel="cmacedo86" id="email_cmacedo86" href="https://issues.jboss.org/secure/ViewProfile.jspa?name=cmacedo86" style="color:#0052cc;; color: #3b73af; text-decoration: none">Camila Macedo</a> <strong>commented</strong> on <a href="https://issues.jboss.org/browse/AEROGEAR-9089" style="color: #3b73af; text-decoration: none"><img src="cid:jira-generated-image-avatar-7cc15e80-53d3-4584-81c5-1ac6db7fe616" height="16" width="16" border="0" align="absmiddle" alt="Task"> AEROGEAR-9089</a> </td>
</tr>
</tbody>
</table> </td>
</tr>
<tr>
<td id="email-content-container" style="padding: 0px; border-collapse: collapse; padding: 0 20px">
<table id="email-content-table" cellspacing="0" cellpadding="0" border="0" width="100%" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt; border-spacing: 0; border-collapse: separate">
<tbody>
<tr>
<!-- there needs to be content in the cell for it to render in some clients -->
<td class="email-content-rounded-top mobile-expand" style="padding: 0px; border-collapse: collapse; color: #ffffff; padding: 0 15px 0 16px; height: 15px; background-color: #ffffff; border-left: 1px solid #cccccc; border-top: 1px solid #cccccc; border-right: 1px solid #cccccc; border-bottom: 0; border-top-right-radius: 5px; border-top-left-radius: 5px; height: 10px; line-height: 10px; padding: 0 15px 0 16px; mso-line-height-rule: exactly" height="10" bgcolor="#ffffff"> </td>
</tr>
<tr>
<td class="email-content-main mobile-expand " style="padding: 0px; border-collapse: collapse; border-left: 1px solid #cccccc; border-right: 1px solid #cccccc; border-top: 0; border-bottom: 0; padding: 0 15px 0 16px; background-color: #ffffff" bgcolor="#ffffff">
<table class="page-title-pattern" cellspacing="0" cellpadding="0" border="0" width="100%" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt">
<tbody>
<tr>
<td style="vertical-align: top;; padding: 0px; border-collapse: collapse; padding-right: 5px; font-size: 20px; line-height: 30px; mso-line-height-rule: exactly" class="page-title-pattern-header-container"> <span class="page-title-pattern-header" style="font-family: Arial, sans-serif; padding: 0; font-size: 20px; line-height: 30px; mso-text-raise: 2px; mso-line-height-rule: exactly; vertical-align: middle"> <a href="https://issues.jboss.org/browse/AEROGEAR-9089" style="color: #3b73af; text-decoration: none">Re: Change operator to watch specific namespaces and or labels</a> </span> </td>
</tr>
</tbody>
</table> </td>
</tr>
<tr>
<td id="text-paragraph-pattern-top" class="email-content-main mobile-expand comment-top-pattern" style="padding: 0px; border-collapse: collapse; border-left: 1px solid #cccccc; border-right: 1px solid #cccccc; border-top: 0; border-bottom: 0; padding: 0 15px 0 16px; background-color: #ffffff; border-bottom: none; padding-bottom: 0" bgcolor="#ffffff">
<table class="text-paragraph-pattern" cellspacing="0" cellpadding="0" border="0" width="100%" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px; mso-line-height-rule: exactly; mso-text-raise: 2px">
<tbody>
<tr>
<td class="text-paragraph-pattern-container mobile-resize-text " style="padding: 0px; border-collapse: collapse; padding: 0 0 10px 0"> <p style="margin: 10px 0 0 0; margin-top: 0">Raised in ML and waiting for the <a href="https://issues.jboss.org/secure/ViewProfile.jspa?name=weil" class="user-hover" rel="weil" style="color: #3b73af; text-decoration: none">Wei Li</a> position. </p> <p style="margin: 10px 0 0 0">---------- Forwarded message ---------<br> From: Camila Macedo <cmacedo@redhat.com><br> Date: Thu, May 2, 2019 at 1:48 PM<br> Subject: <a href="https://issues.jboss.org/browse/AEROGEAR-9089" title="Change operator to watch specific namespaces and or labels" class="issue-link" data-issue-key="AEROGEAR-9089" style="color: #3b73af; text-decoration: none">AEROGEAR-9089</a> - Analyse made over the request "Change the MSS operator to watch specific namespaces and/or labels instead of all as it is done in Keycloak"<br> To: Wei Li <weil@redhat.com><br> Cc: mobile-customer-success <mobile-customer-success@redhat.com>, David Ffrench <dffrench@redhat.com>, Chris Foley <chfoley@redhat.com></p> <p style="margin: 10px 0 0 0">Hi @folks,</p> <p style="margin: 10px 0 0 0">Following the analyse made over this topic. </p> <p style="margin: 10px 0 0 0">Keycloak</p> <p style="margin: 10px 0 0 0">It is not using the default ENV namespace and instead of it is creating and exporting a var to pass a list of NAMESPACES (Operator Namespace + MDC namespace). See here<span class="error">[1]</span><br> Shows that have just 1 WATCH for ALL project which will be looking for in the List of NAMESPACES(CONSUMER_NAMESPACES) and for a List of Keylock types. See here<span class="error">[2]</span><br> Exemplification: SELECT * FROM NAMESPACE IN [ Array ] WHERE KIND IN [ Array ]<br> Mobile Security Service</p> <p style="margin: 10px 0 0 0">It was solved as it's examples/docs<span class="error">[3]</span> and ks8 code docs, for example<span class="error">[4]</span>. <br> In fact, the fetches/watches impl in the MSS Operator shows very more restrictive and specific which indeed should bring a better performance. See that instead of having a generic search for ALL that can be related we have ONE specific WATCH that need be checked per type and namespace. <br> Exemplification: SELECT "SpecificResource" FROM NAMESPACE = <tt>NAMESPACE</tt> WHERE KIND = <tt>KIND</tt><br> Following a code example.</p> <p style="margin: 10px 0 0 0"> // Specific watch per kind and owner type <br> err := c.Watch(&source.Kind{Type: &corev1.ConfigMap{}}, &handler.EnqueueRequestForOwner{<br> IsController: true, <br> OwnerType: &mobilesecurityservicev1alpha1.MobileSecurityServiceApp{},<br> })</p> {...} <p style="margin: 10px 0 0 0"> //Search for the ConfigMap ... <br> configMap := &corev1.ConfigMap{}<br> err := r.client.Get(context.TODO(), types.NamespacedName</p> {Name: getSDKConfigMapName(instance), Namespace: instance.Namespace} <p style="margin: 10px 0 0 0">, configMap)</p> <p style="margin: 10px 0 0 0">NOTE: </p> <p style="margin: 10px 0 0 0">The GET is very specific and is passing as parameter the namespace and the name of the resource. <br> All fetches implemented in the project are following this approach in order to provide a better performance and faithfully follow the same approach present in the operator-framework documentation. It is NOT searching for ALL and getting a LIST of resources to handle as shows done by keylock<span class="error">[9]</span>. </p> <p style="margin: 10px 0 0 0">CONCLUSION:</p> <p style="margin: 10px 0 0 0">In POV, which leads to making this request was my silly comment in the code "//WHACH ALL NAMESPACE"<span class="error">[5]</span> and really sorry for that. I had not this understanding at that moment. After a further analyse, it seems not the be the same WATCH of the resources that you point in keylock<span class="error">[2]</span>. Following the doc over it. It is just for manager's cache which will be evicted by default every 10 hours. See here<span class="error">[7]</span></p> <p style="margin: 10px 0 0 0"> // Namespace if specified restricts the manager's cache to watch objects in the desired namespace<br> // Defaults to all namespaces<br> // Note: If a namespace is specified then controllers can still Watch for a cluster-scoped resource e.g Node<br> // For namespaced resources the cache will only hold objects from the desired namespace.<br> Namespace string</p> <p style="margin: 10px 0 0 0">Ref.: <a href="https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/manager/manager.go#L122" class="external-link" rel="nofollow" style="color: #3b73af; text-decoration: none">https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/manager/manager.go#L122</a></p> <p style="margin: 10px 0 0 0">IMHO we don't need to customize it since it is just for manager's cache which will be evicted by default every 10 hours. <br> The watches and fetches are implemented very specifically as requested already.<br> The concept/nomenclature "namespace-scoped" operator show means one operator that will deal with just ONE specific namespace which appears NOT to be MSS or Keylock case since it needs to check the resources into 2 namespaces (where the operator and the app are applied). In this way, shows that following the operator-framework design it should use the ClusterRole as well. See more over it here<span class="error">[8]</span><br> Hi @Wei Li </p> <p style="margin: 10px 0 0 0">I understand that we could apply the "CONSUMER_NAMESPACES"<span class="error">[6]</span> approach anyway if you wish in the MSS operator as well, but do you really think that it is required? Since this approach is not in the operator-framework docs then could not it be effected for any breaking change more easily? Could not this "customization" bring unnecessary complexity and make harder the understanding of the code and keep the project maintained by others? </p> <p style="margin: 10px 0 0 0">IHMO: Shows that it will not bring any significant performance result since this "customization" will be used just every10 hours and the MSS Operator is already have been very specific in these watches and fetches in order to faithfully follow the same approach present in the operator-framework documentation which should ensure a great performance. </p> <p style="margin: 10px 0 0 0">Please, let us know if you are ok with or if you still looking for we apply the "CONSUMER_NAMESPACES"<span class="error">[6]</span> approach on MSS Operator as well. </p> <p style="margin: 10px 0 0 0">Really thank you for your attention and support.</p> <p style="margin: 10px 0 0 0">Cheers, </p> <p style="margin: 10px 0 0 0"><span class="error">[1]</span> - <a href="https://github.com/integr8ly/keycloak-operator/search?q=CONSUMER_NAMESPACES&unscoped_q=CONSUMER_NAMESPACES" class="external-link" rel="nofollow" style="color: #3b73af; text-decoration: none">https://github.com/integr8ly/keycloak-operator/search?q=CONSUMER_NAMESPACES&unscoped_q=CONSUMER_NAMESPACES</a></p> <p style="margin: 10px 0 0 0"><span class="error">[2]</span> - <a href="https://github.com/integr8ly/keycloak-operator/blob/84904640e1d498b1d8eb9cca4b42f268728735a1/pkg/keycloak/keycloak.go#L96" class="external-link" rel="nofollow" style="color: #3b73af; text-decoration: none">https://github.com/integr8ly/keycloak-operator/blob/84904640e1d498b1d8eb9cca4b42f268728735a1/pkg/keycloak/keycloak.go#L96</a></p> <p style="margin: 10px 0 0 0"><span class="error">[3]</span> - <a href="https://github.com/operator-framework/getting-started#resources-watched-by-the-controller" class="external-link" rel="nofollow" style="color: #3b73af; text-decoration: none">https://github.com/operator-framework/getting-started#resources-watched-by-the-controller</a></p> <p style="margin: 10px 0 0 0"><span class="error">[4]</span> - <a href="https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/manager/manager.go#L122" class="external-link" rel="nofollow" style="color: #3b73af; text-decoration: none">https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/manager/manager.go#L122</a></p> <p style="margin: 10px 0 0 0"><span class="error">[5]</span> - <a href="https://github.com/aerogear/mobile-security-service-operator/blob/master/cmd/manager/main.go#L78" class="external-link" rel="nofollow" style="color: #3b73af; text-decoration: none">https://github.com/aerogear/mobile-security-service-operator/blob/master/cmd/manager/main.go#L78</a></p> <p style="margin: 10px 0 0 0"><span class="error">[6]</span> - <a href="https://github.com/integr8ly/keycloak-operator/blob/b05e241da46d5de095c3108a4766d53939d041b3/deploy/operator.yaml#L31" class="external-link" rel="nofollow" style="color: #3b73af; text-decoration: none">https://github.com/integr8ly/keycloak-operator/blob/b05e241da46d5de095c3108a4766d53939d041b3/deploy/operator.yaml#L31</a></p> <p style="margin: 10px 0 0 0"><span class="error">[7]</span> - <a href="https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/manager/manager.go#L102" class="external-link" rel="nofollow" style="color: #3b73af; text-decoration: none">https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/manager/manager.go#L102</a></p> <p style="margin: 10px 0 0 0"><span class="error">[8]</span> - <a href="https://github.com/operator-framework/operator-sdk/blob/76d13fccc3672c0ad4eb969abb9b9885678771e4/doc/helm/user-guide.md#operator-scope" class="external-link" rel="nofollow" style="color: #3b73af; text-decoration: none">https://github.com/operator-framework/operator-sdk/blob/76d13fccc3672c0ad4eb969abb9b9885678771e4/doc/helm/user-guide.md#operator-scope</a></p> <p style="margin: 10px 0 0 0"><span class="error">[9]</span> - <a href="https://github.com/integr8ly/keycloak-operator/blob/03300d290a424441b3ac84382f5f613c93a03934/pkg/keycloak/realm/phaseHandler.go#L67" class="external-link" rel="nofollow" style="color: #3b73af; text-decoration: none">https://github.com/integr8ly/keycloak-operator/blob/03300d290a424441b3ac84382f5f613c93a03934/pkg/keycloak/realm/phaseHandler.go#L67</a></p> </td>
</tr>
</tbody>
</table> </td>
</tr>
<tr>
<td class="email-content-main mobile-expand " style="padding: 0px; border-collapse: collapse; border-left: 1px solid #cccccc; border-right: 1px solid #cccccc; border-top: 0; border-bottom: 0; padding: 0 15px 0 16px; background-color: #ffffff" bgcolor="#ffffff">
<table id="actions-pattern" cellspacing="0" cellpadding="0" border="0" width="100%" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px; mso-line-height-rule: exactly; mso-text-raise: 1px">
<tbody>
<tr>
<td id="actions-pattern-container" valign="middle" style="padding: 0px; border-collapse: collapse; padding: 10px 0 10px 24px; vertical-align: middle; padding-left: 0">
<table align="left" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt">
<tbody>
<tr>
<td class="actions-pattern-action-icon-container" style="padding: 0px; border-collapse: collapse; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px; mso-line-height-rule: exactly; mso-text-raise: 0; vertical-align: middle"> <a href="https://issues.jboss.org/browse/AEROGEAR-9089#add-comment" target="_blank" title="Add Comment" style="color: #3b73af; text-decoration: none"> <img class="actions-pattern-action-icon-image" src="cid:jira-generated-image-static-comment-icon-4e973c16-c2e7-488e-aad0-32c05d87e4e2" alt="Add Comment" title="Add Comment" height="16" width="16" border="0" style="vertical-align: middle"> </a> </td>
<td class="actions-pattern-action-text-container" style="padding: 0px; border-collapse: collapse; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px; mso-line-height-rule: exactly; mso-text-raise: 4px; padding-left: 5px"> <a href="https://issues.jboss.org/browse/AEROGEAR-9089#add-comment" target="_blank" title="Add Comment" style="color: #3b73af; text-decoration: none">Add Comment</a> </td>
</tr>
</tbody>
</table> </td>
</tr>
</tbody>
</table> </td>
</tr>
<!-- there needs to be content in the cell for it to render in some clients -->
<tr>
<td class="email-content-rounded-bottom mobile-expand" style="padding: 0px; border-collapse: collapse; color: #ffffff; padding: 0 15px 0 16px; height: 5px; line-height: 5px; background-color: #ffffff; border-top: 0; border-left: 1px solid #cccccc; border-bottom: 1px solid #cccccc; border-right: 1px solid #cccccc; border-bottom-right-radius: 5px; border-bottom-left-radius: 5px; mso-line-height-rule: exactly" height="5" bgcolor="#ffffff"> </td>
</tr>
</tbody>
</table> </td>
</tr>
<tr>
<td id="footer-pattern" style="padding: 0px; border-collapse: collapse; padding: 12px 20px">
<table id="footer-pattern-container" cellspacing="0" cellpadding="0" border="0" style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt">
<tbody>
<tr>
<td id="footer-pattern-text" class="mobile-resize-text" width="100%" style="padding: 0px; border-collapse: collapse; color: #999999; font-size: 12px; line-height: 18px; font-family: Arial, sans-serif; mso-line-height-rule: exactly; mso-text-raise: 2px"> This message was sent by Atlassian Jira <span id="footer-build-information">(v7.12.1#712002-<span title="609a50578ba6bc73dbf8b05dddd7c04a04b6807c" data-commit-id="609a50578ba6bc73dbf8b05dddd7c04a04b6807c}">sha1:609a505</span>)</span> </td>
<td id="footer-pattern-logo-desktop-container" valign="top" style="padding: 0px; border-collapse: collapse; padding-left: 20px; vertical-align: top">
<table style="border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt">
<tbody>
<tr>
<td id="footer-pattern-logo-desktop-padding" style="padding: 0px; border-collapse: collapse; padding-top: 3px"> <img id="footer-pattern-logo-desktop" src="https://issues.jboss.org/images/mail/atlassian-email-logo.png" alt="Atlassian logo" title="Atlassian logo" width="191" height="24" class="image_fix"> </td>
</tr>
</tbody>
</table> </td>
</tr>
</tbody>
</table> </td>
</tr>
</tbody>
</table>
</body>
</html>