-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
parallelize everything #286
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #286 +/- ##
==========================================
- Coverage 70.90% 70.37% -0.53%
==========================================
Files 11 11
Lines 976 1043 +67
==========================================
+ Hits 692 734 +42
- Misses 213 235 +22
- Partials 71 74 +3
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have mixing feelings about this 3 cli flags. Knowing the code, I understand and they make sense. But thinking in the user UX I think this can be improved. Maybe we can have a simpler CLI flags something like max-parallel-request
and worker-pool-size
. Where the first controls the number of request going out of the scanner. While the second, controls the number of internal go routines doing the scanner logic. Or maybe have only the max-parallel-request
and making everything in the scanner running in parallel, because the scanner logic is not that complex and the most expensive operation are the requests.
But I'm not sure if we want to do that now (if we decided to do it in the first place) or in a future iteration (v1.14.0)... Besides that, I'm fine with the code if we want to keep the current approach from this PR.
Allow the user to set the number of parallel resources being audited via a cli-flag. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Allow multiple namespaces to be audited at the same time. Expose that via a cli flag. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Given a Kubernetes resource to audit, allow multiple policies to be invoked at the same time. Allow the user to configure the amount of parallelization with a cli flag. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Allow user to configure the amount of resources fetched from the API server while paginating. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Provide better default values. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
0583525
to
a360e8f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add new CLI flags about parellization, expand usage section. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Reflect the latest changes done Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Change how the audit process is done, allowing more parallilazion if wanted by the user.
This PR adds these new flags (I'm open to change their names, I'm not super fond of them):
--parallel-namespaces
: how many Namespaces can be audited in parallel. Default is 1.--parallel-resources
: how many resources can be audited in parallel. Default is 50.--parallel-policies
: when auditing a specic resource, how many policies can be invoked in parallel. Default is 10.By tuning these values, the user has direct control over how many HTTP requests are sent to the policy server(s) at the same time.
For example,
--parallel-namespaces 2 --parallel-resources 100 --parallel-policies 10
translates to a maximum of2 * 100 * 10 = 2000
HTTP requests at the same time.Benchmarks
Given the following scenario:
default
namespaceNo parallelization
Leads to the following results:
Parallelization
Leads to the following results: