lukaszraczylo/kubemirror
1
0
Fork 0
mirror of https://github.com/lukaszraczylo/kubemirror.git synced 2026-06-05 22:43:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
52 Commits 1 Branch 30 Tags
99c0eccd53b708dbdffdad7b9dff06ef54daa817
Commit Graph

52 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
lukaszraczylo 99c0eccd53 fix: default verify-source-freshness=true; honor opt-out for glob 
H1: --verify-source-freshness used to default to false, so any source
update whose annotation was still in the informer cache (5-20s lag)
would resolve the wrong target list. cleanupOrphanedMirrors then ran
against the stale list and missed orphans (manifested in e2e as
'Orphaned mirror in kubemirror-e2e-app-1 not deleted within timeout'
after target-namespaces was changed). Defaulting to true fixes the
race; the trade-off is one extra API read per stale-cache reconcile.

M2: ResolveTargetNamespaces glob branch checked filter.IsAllowed but
not the opt-out map, so a namespace labeled allow-mirrors=false would
still receive a mirror through patterns like 'app-*'. The 'all' branch
already had the guard; the glob branch now does too. Direct namespace
listings still bypass opt-out by design (explicit author intent).
 2026-05-02 22:36:50 +01:00
lukaszraczylo 4277c8ac39 fix(controller): guard mirror deletion + enforce secret blacklist 
C1: deleteAllMirrors used to issue a blind Delete on every namespace
matching the source name+GVK, which would destroy unrelated resources
(e.g. a 'default' SA, 'ca-bundle' ConfigMap) sharing the source name.
Now reads each candidate, verifies managed-by label and source-reference
annotation, and only deletes confirmed mirrors.

M1: BlacklistedSecretTypes was declared but never enforced. Enabling
mirroring on a service-account-token / bootstrap-token / helm release
Secret would mirror credentials cluster-wide. Now refused at Reconcile.

M3: deleteAllMirrors swallowed per-namespace errors and returned nil,
so callers removed the finalizer even on partial failure (orphans).
Errors are now joined and returned.
 2026-05-02 22:35:40 +01:00
lukaszraczylo b555d84d32 ci: bump go-version constraint to >=1.26 
k8s.io/api v0.36.0 requires Go 1.26.0; autoupdate has been failing
since 2026-04-23 because setup-go's cached 1.25.9 fell behind.
 2026-05-02 22:03:19 +01:00
lukaszraczylo 30ffc823d9 Update go.mod and go.sum (#32) 2026-04-19 05:09:27 +01:00
lukaszraczylo c3450e2af2 Update go.mod and go.sum (#31) 2026-04-17 05:09:22 +01:00
lukaszraczylo d0857e4f4a Update go.mod and go.sum (#30) 2026-04-16 05:10:11 +01:00
lukaszraczylo 36c9e859af Update go.mod and go.sum (#29) 2026-04-15 05:07:38 +01:00
lukaszraczylo 05aacddeab Update go.mod and go.sum (#28) 2026-04-10 05:08:23 +01:00
lukaszraczylo a9838e9156 Update go.mod and go.sum (#27) 2026-04-09 05:02:31 +01:00
lukaszraczylo 317143c458 Update go.mod and go.sum (#26) 2026-03-31 05:04:13 +01:00
lukaszraczylo 42358a3743 Update go.mod and go.sum (#25) 2026-03-20 03:54:18 +00:00
lukaszraczylo f2ecc5d56a Update go.mod and go.sum (#24) 2026-03-19 03:57:48 +00:00
lukaszraczylo 30de592c0c Update go.mod and go.sum (#23) 2026-03-18 03:57:33 +00:00
lukaszraczylo ea405f44a2 Update go.mod and go.sum (#22) 2026-03-12 03:52:50 +00:00
lukaszraczylo f62bec57f5 Update go.mod and go.sum (#21) 2026-03-09 03:53:52 +00:00
lukaszraczylo c9cf81e4fd Update go.mod and go.sum (#20) 2026-03-07 03:46:46 +00:00
lukaszraczylo 7c8a12958d Update go.mod and go.sum (#19) 2026-03-06 03:52:51 +00:00
lukaszraczylo 0bac0f4645 Update go.mod and go.sum (#18) 2026-03-05 03:52:56 +00:00
lukaszraczylo afe6602ddd Update go.mod and go.sum (#17) 2026-03-03 03:53:14 +00:00
lukaszraczylo 91a1d05a92 Update go.mod and go.sum (#16) 2026-03-01 03:59:02 +00:00
lukaszraczylo 3c7f25bc16 Update go.mod and go.sum (#15) 2026-02-28 03:44:26 +00:00
lukaszraczylo 1a40783e36 Update go.mod and go.sum (#14) 2026-02-26 03:54:10 +00:00
lukaszraczylo 56809700fb Update go.mod and go.sum (#13) 2026-02-11 04:03:15 +00:00
lukaszraczylo 5db9fa8653 Update go.mod and go.sum (#12) 2026-02-10 04:04:06 +00:00
lukaszraczylo 1e4af7df0c Update go.mod and go.sum (#11) 2026-02-09 03:59:24 +00:00
lukaszraczylo 668a84b070 Update go.mod and go.sum (#10) 2026-02-07 03:51:55 +00:00
lukaszraczylo 9dea7a1022 Update go.mod and go.sum (#9) 2026-01-28 03:40:46 +00:00
lukaszraczylo ba95e09f5c Update go.mod and go.sum (#8) 2026-01-27 03:42:08 +00:00
lukaszraczylo 53afeb8560 Update go.mod and go.sum (#7) 2026-01-20 03:39:57 +00:00
lukaszraczylo 096dca47d1 improvements jan2025 (#6) 
* feat(controller): add lazy watcher, improve resource usage and add pattern validation

- [x] Add cache sync health check for readiness probe verification
- [x] Create namespace lister with API reader support for fresh label queries
- [x] Add pattern validation with warning logs for invalid glob patterns
- [x] Implement lazy watcher initialization mode to scan for active resources
- [x] Add requeue delay to namespace reconciler for cache settlement
- [x] Replace custom containsString with slices.Contains from stdlib
- [x] Add structured logging context to reconcilers (kind, group, version)
- [x] Improve error variable naming for clarity in nested conditions
- [x] Add nil-safe label access in namespace reconciler setup
- [x] Add APIReader to namespace and source reconcilers for fresh data
- [x] Improve type assertions with proper error handling in mirror operations
- [x] Reorder struct fields for consistency and readability
- [x] Add comprehensive pattern validation tests and validation API

* feat(controller): add lazy watcher, improve resource usage and add pattern validation

- [x] Add circuit breaker for reconciliation failure tracking and prevention
- [x] Implement granular registration state tracking (not-registered, source-only, fully-registered)
- [x] Add lazy controller initialization for active resource types only
- [x] Consolidate namespace listing into single API call for efficiency
- [x] Add mirror creation verification to catch webhook rejections
- [x] Implement high-cardinality resource detection and warnings
- [x] Add source deletion check in mirror reconciler to prevent races
- [x] Preserve transformation annotations on errors in mirror reconciliation
- [x] Expand constants documentation with labels vs annotations design rationale
- [x] Add comprehensive test coverage for circuit breaker and registration states
- [x] Add mutation-safety tests for hash computation

* fixup! feat(controller): add lazy watcher, improve resource usage and add pattern validation
 2026-01-14 13:07:11 +00:00
lukaszraczylo 4f8e2783cf Update go.mod and go.sum (#5) v0.4.18 2026-01-13 03:38:38 +00:00
lukaszraczylo 0f74af4a07 Update go.mod and go.sum (#4) v0.4.16 2026-01-10 03:37:16 +00:00
lukaszraczylo a89fcd5726 Update go.mod and go.sum (#3) v0.4.14 2026-01-09 03:39:08 +00:00
lukaszraczylo a2aff5671e Update go.mod and go.sum (#2) v0.4.12 2026-01-07 03:39:51 +00:00
lukaszraczylo 1cda7c46be Update go.mod and go.sum (#1) v0.4.10 2026-01-06 03:38:29 +00:00
lukaszraczylo 19e72e136a Add lazy watcher, improving resource usage; update website. v0.4.8 2025-12-27 01:28:46 +00:00
lukaszraczylo e560e183ec fixup! Add missing traefik crd to the e2e test setup. v0.4.6 2025-12-26 18:09:12 +00:00
lukaszraczylo 7f1c490938 Add missing traefik crd to the e2e test setup. 2025-12-26 17:54:54 +00:00
lukaszraczylo 1d49573fd1 Fix the last tests 2025-12-26 17:44:57 +00:00
lukaszraczylo 2f5faddf04 Fix transformer handling logic and improve content hashing 2025-12-26 17:39:33 +00:00
lukaszraczylo c8ebfe376b Reliabity improvements. 2025-12-26 17:30:13 +00:00
lukaszraczylo ceff0ed67f CRD discovery, log noise reduction, e2e tests 2025-12-26 15:25:25 +00:00
lukaszraczylo e822eb3e17 Compliment the reconciliation on annotation change with tests. v0.2.14 2025-12-26 01:42:16 +00:00
lukaszraczylo c6bdc1f559 Remove targets if annotations on source have changed. v0.2.13 2025-12-26 01:35:46 +00:00
lukaszraczylo 54f4f9306c fixup! fix: Mirrored resources managed by other operators. v0.2.12 2025-12-26 01:04:46 +00:00
lukaszraczylo 2dd34bf39e fix: Mirrored resources managed by other operators. 2025-12-26 01:02:55 +00:00
lukaszraczylo cdae3f7fd7 fixup! fixup! fixup! Utilise shared workflows. v0.2.8 2025-12-26 00:05:45 +00:00
lukaszraczylo 22572aed75 fixup! fixup! Utilise shared workflows. v0.2.6 2025-12-25 23:42:15 +00:00
lukaszraczylo ca0cff3be3 fixup! Utilise shared workflows. v0.2.4 2025-12-25 23:20:03 +00:00
lukaszraczylo 7d2c113308 Utilise shared workflows. 2025-12-25 23:15:28 +00:00