Documentation
¶
Overview ¶
Package containerprofilecache provides a unified, container-keyed cache for ContainerProfile objects.
Package containerprofilecache — reconciler.go ¶
The reconciler is the safety-net eviction path AND the freshness refresh loop. Each tick it:
- reconcileOnce: evicts cache entries whose pod is gone or whose container is no longer Running.
- refreshAllEntries (single-flight via atomic flag): re-fetches the consolidated CP, the workload-level AP+NN, the user-managed "ug-<workload>" AP+NN, and any label-referenced user AP/NN overlay, then rebuilds the projection iff any resourceVersion changed. Fast-skip when every RV matches what's already cached.
RPC cost @ 300 containers / 30s cadence steady-state: up to 7 gets per entry per tick (CP + 3×AP + 3×NN). At 300 entries that's 70 RPC/s in the worst case, dropping close to 0 once fast-skip catches on. Most entries carry only workload-level AP+NN, so the common case is 3 RPC/tick per entry = 30 RPC/s.
Index ¶
- func Apply(spec *objectcache.RuleProjectionSpec, cp *v1beta1.ContainerProfile, ...) *objectcache.ProjectedContainerProfile
- func CompileSpec(rules []typesv1.Rule) objectcache.RuleProjectionSpec
- type CachedContainerProfile
- type ContainerProfileCacheImpl
- func (c *ContainerProfileCacheImpl) ContainerCallback(notif containercollection.PubSubEvent)
- func (c *ContainerProfileCacheImpl) GetCallStackSearchTree(containerID string) *callstackcache.CallStackSearchTree
- func (c *ContainerProfileCacheImpl) GetContainerProfileState(containerID string) *objectcache.ProfileState
- func (c *ContainerProfileCacheImpl) GetProjectedContainerProfile(containerID string) *objectcache.ProjectedContainerProfile
- func (c *ContainerProfileCacheImpl) SetProjectionSpec(spec objectcache.RuleProjectionSpec)
- func (c *ContainerProfileCacheImpl) Start(ctx context.Context)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Apply ¶ added in v0.3.111
func Apply(spec *objectcache.RuleProjectionSpec, cp *v1beta1.ContainerProfile, callStackTree *callstackcache.CallStackSearchTree) *objectcache.ProjectedContainerProfile
Apply transforms a raw ContainerProfile into a ProjectedContainerProfile under the given spec. Pure function: no I/O, no mutation of inputs. If spec is nil, a zero-spec is used — InUse=false on every field triggers pass-through, retaining all raw data. callStackTree is built by the caller and passed in so Apply stays a pure data transform.
func CompileSpec ¶ added in v0.3.111
func CompileSpec(rules []typesv1.Rule) objectcache.RuleProjectionSpec
CompileSpec unions ProfileDataRequired declarations from all rules into a single RuleProjectionSpec. Rules with nil ProfileDataRequired contribute nothing. Output is deterministic: pattern slices are sorted before hashing.
Types ¶
type CachedContainerProfile ¶
type CachedContainerProfile struct {
Projected *objectcache.ProjectedContainerProfile
SpecHash string // mirrors Projected.SpecHash; used for staleness checks
State *objectcache.ProfileState
CallStackTree *callstackcache.CallStackSearchTree
ContainerName string
PodName string
Namespace string
PodUID string
WorkloadID string
// UserAPRef / UserNNRef are set when the entry was built with a legacy
// user-authored AP/NN overlay. Used by the reconciler to re-fetch on
// refresh and to key deprecation warnings.
UserAPRef *namespacedName
UserNNRef *namespacedName
// CPName is the storage name of the ContainerProfile. Populated at
// addContainer time so the reconciler can re-fetch without re-querying
// shared data (which may have been evicted from K8sObjectCache by then).
CPName string
// WorkloadName is the per-workload slug used to fetch the workload-level
// ApplicationProfile / NetworkNeighborhood (primary data source while the
// storage-side consolidated CP isn't publicly queryable) and, with the
// "ug-" prefix, the user-managed AP/NN. Populated at addContainer time.
WorkloadName string
RV string // ContainerProfile resourceVersion at last load
UserManagedAPRV string // user-managed AP (ug-<workload>) RV at last projection, "" if absent
UserManagedNNRV string // user-managed NN (ug-<workload>) RV at last projection, "" if absent
UserAPRV string // user-AP (label-referenced) resourceVersion at last projection, "" if no overlay
UserNNRV string // user-NN (label-referenced) resourceVersion at last projection, "" if no overlay
}
CachedContainerProfile is the per-container cache entry. One entry per live containerID, populated on ContainerCallback (Add) and removed on Remove.
Projected holds the compact projected form built by Apply(). The raw ContainerProfile is not retained after projection — only the compact form is stored so the raw pointer can be GC'd.
type ContainerProfileCacheImpl ¶
type ContainerProfileCacheImpl struct {
// contains filtered or unexported fields
}
ContainerProfileCacheImpl is the unified container-keyed cache for ContainerProfile objects.
func NewContainerProfileCache ¶
func NewContainerProfileCache(cfg config.Config, storageClient storage.ProfileClient, k8sObjectCache objectcache.K8sObjectCache, metricsManager metricsmanager.MetricsManager) *ContainerProfileCacheImpl
NewContainerProfileCache creates a new ContainerProfileCacheImpl. metricsManager may be nil; internally we substitute a no-op so call sites don't need nil checks.
func (*ContainerProfileCacheImpl) ContainerCallback ¶
func (c *ContainerProfileCacheImpl) ContainerCallback(notif containercollection.PubSubEvent)
ContainerCallback handles container lifecycle events (add/remove). Mirrors the shape used by the legacy caches.
func (*ContainerProfileCacheImpl) GetCallStackSearchTree ¶
func (c *ContainerProfileCacheImpl) GetCallStackSearchTree(containerID string) *callstackcache.CallStackSearchTree
GetCallStackSearchTree returns the cached call-stack index for a container, or nil if there is no entry or no tree.
func (*ContainerProfileCacheImpl) GetContainerProfileState ¶
func (c *ContainerProfileCacheImpl) GetContainerProfileState(containerID string) *objectcache.ProfileState
GetContainerProfileState returns the cached ProfileState for a container (completion/status/name). Returns a synthetic error state when the entry is missing.
func (*ContainerProfileCacheImpl) GetProjectedContainerProfile ¶ added in v0.3.111
func (c *ContainerProfileCacheImpl) GetProjectedContainerProfile(containerID string) *objectcache.ProjectedContainerProfile
GetProjectedContainerProfile returns the projected profile for a container, or nil if there is no entry. Reports a cache-hit metric.
func (*ContainerProfileCacheImpl) SetProjectionSpec ¶ added in v0.3.111
func (c *ContainerProfileCacheImpl) SetProjectionSpec(spec objectcache.RuleProjectionSpec)
SetProjectionSpec installs a new compiled spec. Idempotent: no-op when the spec hash matches the currently-installed one. On change: stores the spec, bumps specGeneration, and sends a non-blocking nudge to the reconciler. Never blocks on the reconciler (rulemanager calls this inline).
func (*ContainerProfileCacheImpl) Start ¶
func (c *ContainerProfileCacheImpl) Start(ctx context.Context)
Start begins the periodic reconciler goroutine. The loop evicts entries whose container is no longer Running and refreshes live entries' base CP + user AP/NN overlays. See reconciler.go for the tick loop and RPC-cost characterization.
Source Files