frontend: Container env vars: show secret value for secretKeyRef#4706
frontend: Container env vars: show secret value for secretKeyRef#4706pavitar-rana wants to merge 1 commit intokubernetes-sigs:mainfrom
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: pavitar-rana The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Pull request overview
This PR refactors the container environment variables display to fix issue #4555, where secret values from valueFrom.secretKeyRef were incorrectly showing the key name instead of the actual decoded secret value. The previous implementation used Secret.useGet / ConfigMap.useGet which created one WebSocket watcher per resource, potentially exhausting browser connection limits (typically 6 per origin) when pods reference many Secrets/ConfigMaps.
Changes:
- Replaced per-resource WebSocket watchers with fetch-only HTTP requests using React Query's
useQueries - Added
useResourcesFetchOnlyhook that fetches Secrets and ConfigMaps in parallel without establishing WebSocket connections - Simplified
ContainerEnvironmentVariablescomponent by removing state management and callback patterns in favor of direct hook calls
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // eslint-disable-next-line react-hooks/exhaustive-deps | ||
| }, [names, ...results.map(r => r.data)]); |
There was a problem hiding this comment.
The dependency array contains a spread of results.map(r => r.data), which creates a new array on every render. This causes the useMemo to recompute on every render, defeating its purpose. Consider using a different approach such as:
- Use the
combineoption inuseQueriesto transform the results directly (similar to the pattern inuseKubeObjectList.ts) - Or, track individual result data items by adding each
result.datato the dependency array without spreading, though this is verbose - Or, use a custom deep comparison function
The current implementation with the eslint-disable comment suggests this was an intentional workaround, but it's worth reconsidering for performance.
|
|
||
| // Extract all references upfront (pure function, no hooks) | ||
| const references = extractEnvVarReferences(container); | ||
| const references = extractEnvVarReferences(container as KubeContainer); |
There was a problem hiding this comment.
The type cast container as KubeContainer is unnecessary and potentially misleading. The function extractEnvVarReferences already uses optional chaining (container?.env, container?.envFrom) to handle undefined containers safely. The type declaration for container in EnvironmentVariablesProps already indicates it can be undefined (container?: KubeContainer), so the cast doesn't add type safety and could hide issues.
Consider removing the type cast and letting TypeScript use the natural type.
| const references = extractEnvVarReferences(container as KubeContainer); | |
| const references = extractEnvVarReferences(container); |
There was a problem hiding this comment.
Worth a look. Usually it is a good idea to avoid using as because generally it hides bugs. Sometimes you need to handle the cases it brings up.
In rare cases it can be there’s a reason the types don’t work or the types are wrong and as can work around that. If this is one of those cases please add a comment there explaining the issue. Then someone later can get to it.
illume
left a comment
There was a problem hiding this comment.
Looking good. There’s two minor review comments there, but otherwise it looks good IMHO.
Thanks for that.
Summary
This PR replaces the per-resource watcher pattern (
SecretFetcher/ConfigMapFetcherusingSecret.useGet/ConfigMap.useGet) with a fetch-only approach usinguseQueriesfrom@tanstack/react-query.The previous implementation created one WebSocket watch per secret and per configmap, which could quickly exhaust browser connection limits (~6 per origin) for Pods referencing many Secrets/ConfigMaps.
Related Issue
Fixes #4555
Changes
Added
useResourcesFetchOnlyhookuseQueriesclusterFetchstaleTime: 30s)Map<string, FetchedResource>Updated
ContainerEnvironmentVariablesuseStateSecretFetcher/ConfigMapFetchercomponent patternuseResourcesFetchOnly