Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to configure API used for permission validation when using the permission validation pre-flight check #930

Closed
everettraven opened this issue Apr 17, 2024 · 0 comments · Fixed by #931
Closed

Add ability to configure API used for permission validation when using the permission validation pre-flight check #930

everettraven opened this issue Apr 17, 2024 · 0 comments · Fixed by #931
Labels
carvel accepted This issue should be considered for future work and that the triage process has been completed enhancement This issue is a feature request priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.

Comments

@everettraven
Copy link
Contributor

everettraven commented Apr 17, 2024
edited
Loading

Describe the problem/challenge you have
Currently, the permission validation pre-flight check uses the SelfSubjectAccessReview API for performing permission validation. This API is highly accurate, but also introduces load to the API server when run against a very large set of manifests (at least one request is made per resource, but can be more depending on circumstances). I want to ensure that when using this check I am not introduce significant load against the Kubernetes API server.

Describe the solution you'd like
Allow a user to configure the permission validation pre-flight check to instead use the SelfSubjectRulesReview API for performing permission validation. When done with a cache where the namespace is the index, this can significantly reduce load on the Kubernetes API server.

This should be possible to configure through the recently added pre-flight configuration path

Anything else you would like to add:
[Additional information that will assist in solving the issue.]

Vote on this request

This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.

👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"

We are also happy to receive and review Pull Requests if you want to help working on this issue.
@everettraven everettraven added carvel triage This issue has not yet been reviewed for validity enhancement This issue is a feature request labels Apr 17, 2024
@everettraven everettraven mentioned this issue Apr 17, 2024
Merged
5 tasks
@renuy renuy moved this to To Triage in Carvel Apr 19, 2024
@renuy renuy added carvel accepted This issue should be considered for future work and that the triage process has been completed and removed carvel triage This issue has not yet been reviewed for validity labels Apr 19, 2024
@renuy renuy moved this from To Triage to Unprioritized in Carvel Apr 19, 2024
@renuy renuy added the priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. label Apr 19, 2024
@github-project-automation github-project-automation bot moved this from Unprioritized to Closed in Carvel May 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
carvel accepted This issue should be considered for future work and that the triage process has been completed enhancement This issue is a feature request priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
Carvel
Archived in project
Milestone
No milestone
2 participants
@renuy @everettraven