Optimize init map (#555)

* pool-manager/pods: Optimize InitMap by pre-filtering managed namespaces

Currently kubemacpool scans all pods cluster-wide and performs expensive
IsPodManaged() checks for each pod during startup. This causes slow
initialization in large clusters with many unmanaged namespaces.

Pre-compute managed namespaces once per webhook type and only scan pods
from those namespaces, eliminating redundant API calls and reducing
startup time.

Signed-off-by: Ram Lavi <ralavi@redhat.com>

* pool-manager/vms: Optimize InitMap by pre-filtering managed namespaces

Currently kubemacpool scans all VMs cluster-wide and performs expensive
IsVMManaged() checks for each VM during startup. This causes slow
initialization in large clusters with many unmanaged namespaces.

Pre-compute managed namespaces once per webhook type and only scan VMs
from those namespaces, eliminating redundant API calls and reducing
startup time.

Signed-off-by: Ram Lavi <ralavi@redhat.com>

* config: Increase readiness wait to 180s

To anticipate big clusters with 10K VMs, increasing the readiness probe
settle time to 3m.

Signed-off-by: Ram Lavi <ralavi@redhat.com>

---------

Signed-off-by: Ram Lavi <ralavi@redhat.com>

Author: RamLavi

config/default/manager/manager.yaml

@@ -131,7 +131,7 @@ spec:
             port: webhook-server
             scheme: HTTPS
           initialDelaySeconds: 10
-          periodSeconds: 10
+          periodSeconds: 180
         livenessProbe:
           httpGet:
             httpHeaders:

config/release/kubemacpool.yaml

@@ -307,7 +307,7 @@ spec:
             port: webhook-server
             scheme: HTTPS
           initialDelaySeconds: 10
-          periodSeconds: 10
+          periodSeconds: 180
         resources:
           requests:
             cpu: 100m

config/test/kubemacpool.yaml

@@ -308,7 +308,7 @@ spec:
             port: webhook-server
             scheme: HTTPS
           initialDelaySeconds: 10
-          periodSeconds: 10
+          periodSeconds: 180
         resources:
           requests:
             cpu: 100m

pkg/pool-manager/pod_pool.go

@@ -26,7 +26,6 @@ import (
 	"github.com/pkg/errors"
 	multus "gopkg.in/k8snetworkplumbingwg/multus-cni.v3/pkg/types"
 	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	networkv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1"
@@ -194,14 +193,36 @@ func (p *PoolManager) allocatePodFromPool(network *multus.NetworkSelectionElemen
 	return macAddr.String(), nil
 }
 
-// paginatePodsWithLimit performs a pods list request with pagination, to limit the amount of pods received at a time
-// and prevent exceeding the memory limit.
-func (p *PoolManager) paginatePodsWithLimit(limit int64, f func(pods *corev1.PodList) error) error {
+// paginatePodsInManagedNamespaces performs pod list requests with pagination, but only for managed namespaces
+func (p *PoolManager) paginatePodsInManagedNamespaces(limit int64, f func(pods *corev1.PodList) error) error {
+	managedNamespaces, err := p.getManagedNamespaces(podsWebhookName)
+	if err != nil {
+		return errors.Wrap(err, "failed to get managed namespaces for pods")
+	}
+
+	if len(managedNamespaces) == 0 {
+		log.Info("no managed namespaces found, skipping pod initialization")
+		return nil
+	}
+
+	for _, namespace := range managedNamespaces {
+		log.V(1).Info("processing pods in managed namespace", "namespace", namespace)
+		err := p.paginatePodsInNamespace(namespace, limit, f)
+		if err != nil {
+			return errors.Wrapf(err, "failed to process pods in namespace %s", namespace)
+		}
+	}
+
+	return nil
+}
+
+// paginatePodsInNamespace performs pods list request with pagination for a specific namespace
+func (p *PoolManager) paginatePodsInNamespace(namespace string, limit int64, f func(pods *corev1.PodList) error) error {
 	continueFlag := ""
 	for {
 		pods := corev1.PodList{}
 		err := p.kubeClient.List(context.TODO(), &pods, &client.ListOptions{
-			Namespace: metav1.NamespaceAll,
+			Namespace: namespace,
 			Limit:     limit,
 			Continue:  continueFlag,
 		})
@@ -215,7 +236,7 @@ func (p *PoolManager) paginatePodsWithLimit(limit int64, f func(pods *corev1.Pod
 		}
 
 		continueFlag = pods.GetContinue()
-		log.V(1).Info("limit Pod list", "pods len", len(pods.Items), "remaining", pods.GetRemainingItemCount(), "continue", continueFlag)
+		log.V(1).Info("limit Pod list in namespace", "namespace", namespace, "pods len", len(pods.Items), "remaining", pods.GetRemainingItemCount(), "continue", continueFlag)
 		if continueFlag == "" {
 			break
 		}
@@ -225,7 +246,7 @@ func (p *PoolManager) paginatePodsWithLimit(limit int64, f func(pods *corev1.Pod
 
 func (p *PoolManager) initPodMap() error {
 	log.V(1).Info("start InitMaps to reserve existing mac addresses before allocation new ones")
-	err := p.paginatePodsWithLimit(100, func(pods *corev1.PodList) error {
+	err := p.paginatePodsInManagedNamespaces(100, func(pods *corev1.PodList) error {
 		for _, pod := range pods.Items {
 			log.V(1).Info("InitMaps for pod", "podName", pod.Name, "podNamespace", pod.Namespace)
 			if pod.Annotations == nil {
@@ -237,15 +258,6 @@ func (p *PoolManager) initPodMap() error {
 				continue
 			}
 
-			instanceManaged, err := p.IsPodManaged(pod.GetNamespace())
-			if err != nil {
-				continue
-			}
-
-			if !instanceManaged {
-				continue
-			}
-
 			networks, err := parsePodNetworkAnnotation(networkValue, pod.Namespace)
 			if err != nil {
 				continue
@@ -282,7 +294,7 @@ func (p *PoolManager) initPodMap() error {
 		return nil
 	})
 	if err != nil {
-		return errors.Wrap(err, "failed iterating over all cluster pods")
+		return errors.Wrap(err, "failed iterating over pods in managed namespaces")
 	}
 
 	return nil

pkg/pool-manager/pool.go

@@ -142,6 +142,27 @@ func (p *PoolManager) Start() error {
 	return nil
 }
 
+// getManagedNamespaces pre-computes which namespaces are managed by kubemacpool for a specific webhook
+func (p *PoolManager) getManagedNamespaces(webhookName string) ([]string, error) {
+	log.V(1).Info("computing managed namespaces for initialization", "webhookName", webhookName)
+
+	namespaces := &v1.NamespaceList{}
+	err := p.kubeClient.List(context.TODO(), namespaces)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to list namespaces for webhook %s", webhookName)
+	}
+
+	var managedNamespaces []string
+	for _, ns := range namespaces.Items {
+		if managed, err := p.IsNamespaceManaged(ns.Name, webhookName); err == nil && managed {
+			managedNamespaces = append(managedNamespaces, ns.Name)
+		}
+	}
+
+	log.Info("computed managed namespaces", "webhookName", webhookName, "count", len(managedNamespaces), "namespaces", managedNamespaces)
+	return managedNamespaces, nil
+}
+
 func (p *PoolManager) InitMaps() error {
 	err := p.initPodMap()
 	if err != nil {

pkg/pool-manager/virtualmachine_pool.go

@@ -314,15 +314,36 @@ func (p *PoolManager) initMacMapFromCluster(parentLogger logr.Logger) error {
 	return nil
 }
 
-// paginateVmsWithLimit performs a vm list request with pagination, to limit the amount of vms received at a time
-// and prevent taking too much memory.
-func (p *PoolManager) paginateVmsWithLimit(limit int64, vmsFunc func(pods *kubevirt.VirtualMachineList) error) error {
+// paginateVmsInManagedNamespaces performs VM list requests with pagination, but only for managed namespaces
+func (p *PoolManager) paginateVmsInManagedNamespaces(limit int64, vmsFunc func(vms *kubevirt.VirtualMachineList) error) error {
+	managedNamespaces, err := p.getManagedNamespaces(virtualMachnesWebhookName)
+	if err != nil {
+		return errors.Wrap(err, "failed to get managed namespaces for VMs")
+	}
+
+	if len(managedNamespaces) == 0 {
+		log.Info("no managed namespaces found for VMs, skipping VM initialization")
+		return nil
+	}
+
+	for _, namespace := range managedNamespaces {
+		log.V(1).Info("processing VMs in managed namespace", "namespace", namespace)
+		err := p.paginateVmsInNamespace(namespace, limit, vmsFunc)
+		if err != nil {
+			return errors.Wrapf(err, "failed to process VMs in namespace %s", namespace)
+		}
+	}
+
+	return nil
+}
+
+// paginateVmsInNamespace performs VM list request with pagination for a specific namespace
+func (p *PoolManager) paginateVmsInNamespace(namespace string, limit int64, vmsFunc func(vms *kubevirt.VirtualMachineList) error) error {
 	continueFlag := ""
 	for {
-		// Using a unstructured object.
 		vms := &kubevirt.VirtualMachineList{}
 		err := p.kubeClient.List(context.TODO(), vms, &client.ListOptions{
-			Namespace: metav1.NamespaceAll,
+			Namespace: namespace,
 			Limit:     limit,
 			Continue:  continueFlag,
 		})
@@ -336,7 +357,7 @@ func (p *PoolManager) paginateVmsWithLimit(limit int64, vmsFunc func(pods *kubev
 		}
 
 		continueFlag = vms.GetContinue()
-		log.V(1).Info("limit vms list", "vms len", len(vms.Items), "remaining", vms.GetRemainingItemCount(), "continue", continueFlag)
+		log.V(1).Info("limit vms list in namespace", "namespace", namespace, "vms len", len(vms.Items), "remaining", vms.GetRemainingItemCount(), "continue", continueFlag)
 		if continueFlag == "" {
 			break
 		}
@@ -347,18 +368,9 @@ func (p *PoolManager) paginateVmsWithLimit(limit int64, vmsFunc func(pods *kubev
 // forEachManagedVmInterfaceInClusterRunFunction gets all the macs from all the supported interfaces in all the managed cluster vms, and runs
 // a function vmInterfacesFunc on it
 func (p *PoolManager) forEachManagedVmInterfaceInClusterRunFunction(vmInterfacesFunc func(vmFullName string, iface kubevirt.Interface, networks map[string]kubevirt.Network) error) error {
-	err := p.paginateVmsWithLimit(100, func(vms *kubevirt.VirtualMachineList) error {
+	err := p.paginateVmsInManagedNamespaces(100, func(vms *kubevirt.VirtualMachineList) error {
 		logger := log.WithName("forEachManagedVmInterfaceInClusterRunFunction")
 		for _, vm := range vms.Items {
-			vmNamespace := vm.GetNamespace()
-			isNamespaceManaged, err := p.IsVirtualMachineManaged(vmNamespace)
-			if err != nil {
-				return errors.Wrap(err, fmt.Sprintf("failed to check if namespace %s is managed in current opt-mode", vmNamespace))
-			}
-			if !isNamespaceManaged {
-				logger.V(1).Info("skipping vm in loop iteration, namespace not managed", "vmNamespace", vmNamespace)
-				continue
-			}
 			vmFullName := VmNamespaced(&vm)
 			vmInterfaces := getVirtualMachineInterfaces(&vm)
 			vmNetworks := getVirtualMachineNetworks(&vm)
@@ -393,7 +405,7 @@ func (p *PoolManager) forEachManagedVmInterfaceInClusterRunFunction(vmInterfaces
 		return nil
 	})
 	if err != nil {
-		return errors.Wrap(err, "failed iterating over all cluster vms")
+		return errors.Wrap(err, "failed iterating over VMs in managed namespaces")
 	}
 	return nil
 }