Skip to content

refactor: add indexes to secret informers to speedup settings parsing #7882

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 7, 2021
Merged

refactor: add indexes to secret informers to speedup settings parsing #7882

merged 1 commit into from
Dec 7, 2021

Conversation

alexmt
Copy link
Collaborator

@alexmt alexmt commented Dec 7, 2021
edited
Loading

Signed-off-by: Alexander Matyushentsev AMatyushentsev@gmail.com

PR improves settings parsing - introduces 3 indexes to secret informer: repo by project, cluster by project, cluster by server URL. The indexes allow the controller to avoid iterating an in-memory list of secrets which reduces CPU usage by 40%~50% on an instance which have ~400 secrets and 3k apps.

Additionally PR fixes a security issue: shared credentials are not supported but project repositories still "inherit" credentials configured in shared credentials. This is incorrect since the user can use project scoped repo to "steal" shared credentials.

@alexmt alexmt marked this pull request as draft December 7, 2021 18:22
@alexmt alexmt force-pushed the get-cluster-performance branch 2 times, most recently from 38fa354 to ffe32d8 Compare December 7, 2021 21:01
@alexmt alexmt marked this pull request as ready for review December 7, 2021 21:07
@alexmt
refactor: add indexes to secret informers to speedup settings parsing
a5a4d96 
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
@alexmt alexmt force-pushed the get-cluster-performance branch from ffe32d8 to a5a4d96 Compare December 7, 2021 21:42
@codecov
Copy link

codecov bot commented Dec 7, 2021

Codecov Report

Merging #7882 (a5a4d96) into master (7d59cbb) will decrease coverage by 0.03%.
The diff coverage is 43.95%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #7882      +/-   ##
==========================================
- Coverage   41.48%   41.44%   -0.04%     
==========================================
  Files         169      169              
  Lines       22254    22310      +56     
==========================================
+ Hits         9232     9247      +15     
- Misses      11703    11741      +38     
- Partials     1319     1322       +3
Impacted Files Coverage Δ
util/db/db.go 84.61% <ø> (ø)
util/argo/argo.go 63.04% <15.38%> (-1.48%) ⬇️
controller/appcontroller.go 52.91% <33.33%> (-0.02%) ⬇️
util/db/cluster.go 59.20% <33.33%> (-5.38%) ⬇️
util/db/repository.go 39.28% <50.00%> (+0.82%) ⬆️
util/settings/settings.go 47.60% <57.57%> (+0.35%) ⬆️
server/repository/repository.go 36.40% <100.00%> (+0.25%) ⬆️
util/db/repository_secrets.go 69.68% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7d59cbb...a5a4d96. Read the comment docs.

mayzhang2000
mayzhang2000 approved these changes Dec 7, 2021
View reviewed changes
Copy link
Contributor

@mayzhang2000 mayzhang2000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@alexmt alexmt merged commit bea379b into argoproj:master Dec 7, 2021
alexmt pushed a commit that referenced this pull request Dec 7, 2021
@alexmt
refactor: add indexes to secret informers to speedup settings parsing (
0faeeb8 
…#7882)

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
@alexmt alexmt deleted the get-cluster-performance branch December 7, 2021 22:30
@yeya24
Copy link
Contributor

yeya24 commented Dec 9, 2021

Hello @alexmt, does this pr help with #7531?

@alexmt
Copy link
Collaborator Author

alexmt commented Dec 9, 2021

@yeya24 , yes - it addresses this issue as well as some other performance bottlenecks.

I was fixing it in rush, since we also run into it in production and forgot to notify you. BTW I discovered some additional bottlenecks using your pprof endpoints - thank you!

This was referenced Dec 15, 2021
Closed
Closed
@yeya24
Copy link
Contributor

yeya24 commented Jan 7, 2022

I am still seeing a lot of time spent on this function. Does ArgoCD still serialize secret after this pr has been merged?
image

@alexmt
Copy link
Collaborator Author

alexmt commented Jan 7, 2022

It might be that I missed something and we still have a method in controller that doesn't use the index to access the cluster.
@yeya24 , can you please share full stack trace so I can see which method calls secretToCluster?

@yeya24
Copy link
Contributor

yeya24 commented Jan 8, 2022

Hi @alexmt, that's the profile https://share.polarsignals.com/fbdddca/. You can switch to Icicle graph if you need to view the flamegraph.

@alexmt
Copy link
Collaborator Author

alexmt commented Jan 8, 2022

Thank you @yeya24 ! Yes, there is an issue I did not notice. It affects applications that use cluster name instead of URL. The fix is trivial - I need to introduce one more index (by cluster name). Working on fix. Will cherry-pick it into v2.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mayzhang2000 mayzhang2000 mayzhang2000 approved these changes

@pasha-codefresh pasha-codefresh Awaiting requested review from pasha-codefresh

@leoluz leoluz Awaiting requested review from leoluz

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alexmt @yeya24 @mayzhang2000