make rbac max concurrent calls configurable via env variable

tektoncd · Sep 20, 2024 · d3f97a8 · d3f97a8
1 parent 501f4e4
commit d3f97a8
Show file tree

Hide file tree

Showing 4 changed files with 120 additions and 3 deletions.
diff --git a/pkg/reconciler/openshift/const.go b/pkg/reconciler/openshift/const.go
@@ -5,4 +5,8 @@ const (
 	OperandOpenShiftPipelineAsCode  = "openshift-pipeline-as-code"
 	// NamespaceSCCAnnotation is used to set SCC for a given namespace
 	NamespaceSCCAnnotation = "operator.tekton.dev/scc"
+
+	// RbacProvisioningMaxConcurrentCalls is used to set a go routine pool size when
+	// we reconcile namespaces and do rbac provisonning
+	RbacProvisioningMaxConcurrentCalls = "OCP_RBAC_MAX_CONCURRENT_CALLS"
 )
diff --git a/pkg/reconciler/openshift/tektonconfig/init.go b/pkg/reconciler/openshift/tektonconfig/init.go
@@ -0,0 +1,70 @@
+/*
+Copyright 2024 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package tektonconfig
+
+import (
+	"context"
+	"os"
+	"strconv"
+
+	"github.com/tektoncd/operator/pkg/reconciler/openshift"
+	"knative.dev/pkg/logging"
+)
+
+const (
+	defaultRbacMaxConcurrentCalls = 25
+	minRbacMaxConcurrentCalls     = 1
+	maxRbacMaxConcurrentCalls     = 50
+)
+
+var rbacMaxConcurrentCalls int
+
+func init() {
+	rbacMaxConcurrentCalls = loadRbacMaxConcurrentCalls()
+}
+
+func loadRbacMaxConcurrentCalls() int {
+	logger := logging.FromContext(context.TODO())
+	envValue := os.Getenv(openshift.RbacProvisioningMaxConcurrentCalls)
+	if envValue == "" {
+		return defaultRbacMaxConcurrentCalls
+	}
+	parsedValue, err := strconv.Atoi(envValue)
+	if err != nil {
+		logger.Infof("Failed to parse %s, setting to default: %d", openshift.RbacProvisioningMaxConcurrentCalls, defaultRbacMaxConcurrentCalls)
+		return defaultRbacMaxConcurrentCalls
+	}
+	if parsedValue < minRbacMaxConcurrentCalls || parsedValue > maxRbacMaxConcurrentCalls {
+		logger.Infof("Invalid value %d for %s. Valid range is [%d, %d]. Setting to default: %d",
+			parsedValue,
+			openshift.RbacProvisioningMaxConcurrentCalls,
+			minRbacMaxConcurrentCalls,
+			maxRbacMaxConcurrentCalls,
+			defaultRbacMaxConcurrentCalls)
+		return defaultRbacMaxConcurrentCalls
+	}
+
+	return parsedValue
+}
+
+func init() {
+	rbacMaxConcurrentCalls = loadRbacMaxConcurrentCalls()
+}
+
+func getRBACMaxCalls() int {
+	return rbacMaxConcurrentCalls
+}
diff --git a/pkg/reconciler/openshift/tektonconfig/init_test.go b/pkg/reconciler/openshift/tektonconfig/init_test.go
@@ -0,0 +1,45 @@
+/*
+Copyright 2024 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package tektonconfig
+
+import (
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"github.com/tektoncd/operator/pkg/reconciler/openshift"
+)
+
+func TestLoadRbacMaxConcurrentCalls(t *testing.T) {
+	for _, tt := range []struct {
+		desc          string
+		envValue      string
+		expectedValue int
+	}{
+		{"empty envValue", "", defaultRbacMaxConcurrentCalls},
+		{"valid envValue", "10", 10},
+		{"below min envValue", "-1", defaultRbacMaxConcurrentCalls},
+		{"above max envValye", "60", defaultRbacMaxConcurrentCalls},
+		{"invalid envValue", "xyz", defaultRbacMaxConcurrentCalls},
+	} {
+		t.Run(tt.desc, func(t *testing.T) {
+			os.Setenv(openshift.RbacProvisioningMaxConcurrentCalls, tt.envValue)
+			result := loadRbacMaxConcurrentCalls()
+			require.Equal(t, result, tt.expectedValue)
+		})
+	}
+}
diff --git a/pkg/reconciler/openshift/tektonconfig/rbac.go b/pkg/reconciler/openshift/tektonconfig/rbac.go
@@ -67,8 +67,6 @@ const (
 	rbacInstallerSetNamePrefix  = "rhosp-rbac-"
 	rbacParamName               = "createRbacResource"
 	serviceAccountCreationLabel = "openshift-pipelines.tekton.dev/sa-created"
-
-	rbacMaxConcurrentCalls = 20
 )
 
 var (
@@ -402,7 +400,7 @@ func (r *rbac) createResources(ctx context.Context) error {
 	var wg sync.WaitGroup
 
 	// Start worker pool
-	for i := 0; i < rbacMaxConcurrentCalls; i++ {
+	for i := 0; i < getRBACMaxCalls(); i++ {
 		wg.Add(1)
 		go r.nsWorker(ctx, &wg, jobs, errCh)
 	}