fix: default verify-source-freshness=true; honor opt-out for glob

H1: --verify-source-freshness used to default to false, so any source
update whose annotation was still in the informer cache (5-20s lag)
would resolve the wrong target list. cleanupOrphanedMirrors then ran
against the stale list and missed orphans (manifested in e2e as
'Orphaned mirror in kubemirror-e2e-app-1 not deleted within timeout'
after target-namespaces was changed). Defaulting to true fixes the
race; the trade-off is one extra API read per stale-cache reconcile.

M2: ResolveTargetNamespaces glob branch checked filter.IsAllowed but
not the opt-out map, so a namespace labeled allow-mirrors=false would
still receive a mirror through patterns like 'app-*'. The 'all' branch
already had the guard; the glob branch now does too. Direct namespace
listings still bypass opt-out by design (explicit author intent).
2026-05-02 22:36:50 +01:00
parent 4277c8ac39
commit 99c0eccd53
3 changed files with 30 additions and 6 deletions
+5 -3
@@ -102,10 +102,12 @@ func main() {
"Burst limit for API server requests.")
flag.DurationVar(&resyncPeriod, "resync-period", 10*time.Minute,
"Period for resyncing all resources (catches updates missed due to informer cache delays).")
flag.BoolVar(&verifySourceFreshness, "verify-source-freshness", false,
flag.BoolVar(&verifySourceFreshness, "verify-source-freshness", true,
"Verify source resource freshness by comparing cache with direct API read. "+
"Prevents mirroring stale data when cache lags behind watch events. "+
"Trade-off: Extra API call when cache is stale.")
"Prevents mirroring stale data and missed orphan cleanups when the informer "+
"cache lags behind watch events. Trade-off: one extra API call per reconcile "+
"when the cache is stale. Disable only if you are confident your cluster's "+
"watch latency is negligible.")
flag.BoolVar(&lazyWatcherInit, "lazy-watcher-init", false,
"Enable lazy watcher initialization - only create informers for resource types that have resources marked for mirroring. "+
"Significantly reduces memory usage by avoiding watchers for unused resource types. "+