Skip to content

add flag for reading pods from kube-apiserver cache #3064

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dreamerlzl wants to merge 7 commits into from
Closed

add flag for reading pods from kube-apiserver cache #3064

dreamerlzl wants to merge 7 commits into from

Conversation

@dreamerlzl
Copy link
Contributor

@dreamerlzl dreamerlzl commented Jul 6, 2025
edited
Loading

Current listing of pods can go to etcd directly without hitting cache in apiserver. Adding an optional flag to reduce the load on etcd side by setting resourceVersion=0.

@dreamerlzl dreamerlzl force-pushed the config-k8s-resourceVersion branch from 30cce25 to dbb4a12 Compare July 8, 2025 07:37
@dreamerlzl dreamerlzl changed the title feat: add flag for resourceVersion add flag for reading pods from kube-apiserver cache Jul 8, 2025
@brancz
Copy link
Member

brancz commented Jul 8, 2025

Is there a good reason not to make this default?

Another thing I've recently been thinking about, we already have a trigger where we list pods when we don't have metadata. What if we used the kubelet's local pods endpoint instead of hitting the apiserver at all?

@dreamerlzl
Copy link
Contributor Author

dreamerlzl commented Jul 8, 2025
edited
Loading

Is there a good reason not to make this default?

Another thing I've recently been thinking about, we already have a trigger where we list pods when we don't have metadata. What if we used the kubelet's local pods endpoint instead of hitting the apiserver at all?

I believe that's even better by using kubelet's local pods. Shall we do this in a another pr?

@brancz
Copy link
Member

brancz commented Jul 8, 2025

Sounds good to me!

@dreamerlzl
Copy link
Contributor Author

dreamerlzl commented Jul 8, 2025

Just realize that to query kubelet API proper configuration for authentication & authorization are required. I will craft a draft first and let's see.

@dreamerlzl
Copy link
Contributor Author

dreamerlzl commented Jul 9, 2025

Btw, can we merge this pr first?

@dreamerlzl dreamerlzl closed this Sep 25, 2025
@dreamerlzl dreamerlzl mentioned this pull request Nov 13, 2025
Merged
brancz added a commit that referenced this pull request Nov 13, 2025
@brancz
Get pod list via CRI first (#3116)
a51e420 
This is a successor for
#3064

The method used in this PR is from crictl:
https://github.com/kubernetes-sigs/cri-tools/blob/master/cmd/crictl/pod_stats.go

The upgrade for selinux and containerd fixes CVE-2025-52881 and
CVE-2024-25621 , respectively.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brancz brancz brancz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dreamerlzl @brancz