Problem
In high-throughput environments, the default external-secrets controller arguments are insufficient. Specifically, the default values for --client-burst, --client-qps, and --concurrent can cause the controller to fall behind on reconciliation under load, leading to delays in secret synchronisation.
Currently the operator hardcodes the controller's argument list in updateContainerSpec with no way for users to override or extend them through the ExternalSecretsConfig API.
Desired behaviour
Users should be able to supply additional coxternal-secrets controller container (and
other components) through the ExternalSecret
apiVersion: operator.openshift.io/v1alpha1
kind: ExternalSecretsConfig
metadata:
name: cluster
spec:
controllerConfig:
componentConfigs:
- componentName: ExternalSecretsCoreController
extraArgs:
- --client-burst=200
- --client-qps=100
- --concurrent=20User-supplied arguments should take precedenn the same flag is specified, so that users
can also tune existing defaults (e.g. overriride --concurrent=1).
Problem
In high-throughput environments, the default external-secrets controller arguments are insufficient. Specifically, the default values for
--client-burst,--client-qps, and--concurrentcan cause the controller to fall behind on reconciliation under load, leading to delays in secret synchronisation.Currently the operator hardcodes the controller's argument list in
updateContainerSpecwith no way for users to override or extend them through theExternalSecretsConfigAPI.Desired behaviour
Users should be able to supply additional coxternal-secrets controller container (and
other components) through the ExternalSecret
User-supplied arguments should take precedenn the same flag is specified, so that users
can also tune existing defaults (e.g. overriride
--concurrent=1).