containerprofilecache

package

v0.3.108 Latest Latest Go to latest Published: Apr 29, 2026 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubescape/node-agent

Links

Open Source Insights

Documentation ¶

Overview ¶

Package containerprofilecache provides a unified, container-keyed cache for ContainerProfile objects.

Package containerprofilecache — reconciler.go ¶

The reconciler is the safety-net eviction path AND the freshness refresh loop. Each tick it:

reconcileOnce: evicts cache entries whose pod is gone or whose container is no longer Running.
refreshAllEntries (single-flight via atomic flag): re-fetches the consolidated CP, the workload-level AP+NN, the user-managed "ug-<workload>" AP+NN, and any label-referenced user AP/NN overlay, then rebuilds the projection iff any resourceVersion changed. Fast-skip when every RV matches what's already cached.

RPC cost @ 300 containers / 30s cadence steady-state: up to 7 gets per entry per tick (CP + 3×AP + 3×NN). At 300 entries that's 70 RPC/s in the worst case, dropping close to 0 once fast-skip catches on. Most entries carry only workload-level AP+NN, so the common case is 3 RPC/tick per entry = 30 RPC/s.

Index ¶

type CachedContainerProfile
type ContainerProfileCacheImpl
- func NewContainerProfileCache(cfg config.Config, storageClient storage.ProfileClient, ...) *ContainerProfileCacheImpl

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CachedContainerProfile ¶

type CachedContainerProfile struct {
	Profile       *v1beta1.ContainerProfile
	State         *objectcache.ProfileState
	CallStackTree *callstackcache.CallStackSearchTree

	ContainerName string
	PodName       string
	Namespace     string
	PodUID        string
	WorkloadID    string

	// UserAPRef / UserNNRef are set when the entry was built with a legacy
	// user-authored AP/NN overlay. Used by the reconciler to re-fetch on
	// refresh and to key deprecation warnings.
	UserAPRef *namespacedName
	UserNNRef *namespacedName

	// CPName is the storage name of the ContainerProfile. Populated at
	// addContainer time so the reconciler can re-fetch without re-querying
	// shared data (which may have been evicted from K8sObjectCache by then).
	CPName string

	// WorkloadName is the per-workload slug used to fetch the workload-level
	// ApplicationProfile / NetworkNeighborhood (primary data source while the
	// storage-side consolidated CP isn't publicly queryable) and, with the
	// "ug-" prefix, the user-managed AP/NN. Populated at addContainer time.
	WorkloadName string

	Shared          bool   // true iff Profile is the shared storage-fetched pointer (read-only)
	RV              string // ContainerProfile resourceVersion at last load
	UserManagedAPRV string // user-managed AP (ug-<workload>) RV at last projection, "" if absent
	UserManagedNNRV string // user-managed NN (ug-<workload>) RV at last projection, "" if absent
	UserAPRV        string // user-AP (label-referenced) resourceVersion at last projection, "" if no overlay
	UserNNRV        string // user-NN (label-referenced) resourceVersion at last projection, "" if no overlay
}

CachedContainerProfile is the per-container cache entry. One entry per live containerID, populated on ContainerCallback (Add) and removed on Remove.

Profile may be the raw storage-fetched pointer (Shared=true, fast path) or a DeepCopy with user-authored AP/NN overlays merged in (Shared=false). entry.Profile is read-only once stored; storage.ProfileClient returns fresh-decoded objects per call (thin wrapper over client-go typed client) so shared aliasing is safe.

type ContainerProfileCacheImpl ¶

type ContainerProfileCacheImpl struct {
	// contains filtered or unexported fields
}

ContainerProfileCacheImpl is the unified container-keyed cache for ContainerProfile objects.

func NewContainerProfileCache ¶

func NewContainerProfileCache(cfg config.Config, storageClient storage.ProfileClient, k8sObjectCache objectcache.K8sObjectCache, metricsManager metricsmanager.MetricsManager) *ContainerProfileCacheImpl

NewContainerProfileCache creates a new ContainerProfileCacheImpl. metricsManager may be nil; internally we substitute a no-op so call sites don't need nil checks.

func (*ContainerProfileCacheImpl) ContainerCallback ¶

func (c *ContainerProfileCacheImpl) ContainerCallback(notif containercollection.PubSubEvent)

ContainerCallback handles container lifecycle events (add/remove). Mirrors the shape used by the legacy caches.

func (*ContainerProfileCacheImpl) GetCallStackSearchTree ¶

func (c *ContainerProfileCacheImpl) GetCallStackSearchTree(containerID string) *callstackcache.CallStackSearchTree

GetCallStackSearchTree returns the cached call-stack index for a container, or nil if there is no entry or no tree.

func (*ContainerProfileCacheImpl) GetContainerProfile ¶

func (c *ContainerProfileCacheImpl) GetContainerProfile(containerID string) *v1beta1.ContainerProfile

GetContainerProfile returns the cached ContainerProfile pointer for a container, or nil if there is no entry. Reports a cache-hit metric.

func (*ContainerProfileCacheImpl) GetContainerProfileState ¶

func (c *ContainerProfileCacheImpl) GetContainerProfileState(containerID string) *objectcache.ProfileState

GetContainerProfileState returns the cached ProfileState for a container (completion/status/name). Returns a synthetic error state when the entry is missing.

func (*ContainerProfileCacheImpl) Start ¶

func (c *ContainerProfileCacheImpl) Start(ctx context.Context)

Start begins the periodic reconciler goroutine. The loop evicts entries whose container is no longer Running and refreshes live entries' base CP + user AP/NN overlays. See reconciler.go for the tick loop and RPC-cost characterization.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL