Skip to content

Auto sync dev to stable (up to 28a60bd7)#119

Merged
github-actions[bot] merged 2 commits intostablefrom
lake-gate-20260320-144054
Mar 20, 2026
Merged

Auto sync dev to stable (up to 28a60bd7)#119
github-actions[bot] merged 2 commits intostablefrom
lake-gate-20260320-144054

Conversation

@github-actions
Copy link
Copy Markdown

@github-actions github-actions Bot commented Mar 20, 2026

Automated Sync from dev to stable

This PR automatically syncs the dev branch to the stable branch by creating a temporary branch directly from dev.

Latest commit: 28a60bd - fix: Add Secret to ByObject label filter for defense-in-depth
Total commits to sync: 2

⚠️ IMPORTANT: How to Merge

🚫 DO NOT use the GitHub merge button!

Once all checks are complete, comment /approve on this PR to automatically fast-forward merge the stable branch to point to the same commit as this temporary branch.

Only use the /approve command - the GitHub merge button will not work correctly for this automated sync process.

Pre-merge Checklist

Before approving this PR, please ensure the following tasks are completed:

  • PR checks: PR checks passed
  • E2E tests: Smoke and sanity tests passed against cluster with training operator image built from this PR
    • Build operator image locally (podman build -f build/images/training-operator/Dockerfile.rhoai .), upload it to quay
    • Adjust params.env file to reference uploaded image
    • Provision OCP cluster with latest ODH nightly
    • Install modified operator using update-training.sh (or manually)
    • Wait until training operator Pod is reprovisioned
    • Run smoke and sanity tests using Jenkins job or manually

Commits to be synced:

  • 22b0f90: fix: Restrict informer cache to operator-managed resources
  • 28a60bd: fix: Add Secret to ByObject label filter for defense-in-depth

This PR was created automatically by the sync workflow.

ugiordan added 2 commits March 20, 2026 15:33
@ugiordan @sutaakar
fix: Restrict informer cache to operator-managed resources
22b0f90 
Add label-selector filtering on the controller-runtime informer cache
so only resources carrying the operator-name label are cached. Without
filtering, the cache loads all Pods, Services, ConfigMaps, and RBAC
objects cluster-wide, causing unbounded memory growth under load.

Changes:
- Add newCacheOptions() with ByObject label selectors using "exists"
  requirement on the operator-name label
- Strip managed fields from cached objects (TransformStripManagedFields)
- Disable cache for ConfigMap and Secret client reads (DisableFor)
- Add operator-name label to MPI controller resources (ConfigMap,
  ServiceAccount, Role, RoleBinding) that were missing it
- Set GOMEMLIMIT=460MiB and add resource limits (512Mi) to deployment
@ugiordan @sutaakar
fix: Add Secret to ByObject label filter for defense-in-depth
28a60bd 
Add Secret to the ByObject cache configuration with the same
operator-name label filter used for other core types. While no
controller currently creates a Secret informer, this prevents
an unfiltered cluster-wide Secret watch if one is added in the future.
@sutaakar
Copy link
Copy Markdown

sutaakar commented Mar 20, 2026

/approve

@github-actions github-actions Bot merged commit 28a60bd into stable Mar 20, 2026
11 of 13 checks passed
@github-actions
Copy link
Copy Markdown
Author

github-actions Bot commented Mar 20, 2026

✅ Approved and merged! The stable branch has been fast-forwarded to point to the same commit as this temporary branch.

@github-actions github-actions Bot deleted the lake-gate-20260320-144054 branch March 20, 2026 14:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

lake-gate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sutaakar @ugiordan