diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b07db547a..987b218ff3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -99,6 +99,9 @@ Adding a new version? You'll need three changes: - `KongCustomEntity` is now supported by the `FallbackConfiguration` feature. [#6286](https://github.com/Kong/kubernetes-ingress-controller/pull/6286) +- It is now possible to disable synchronization of consumers to Konnect through the + flag `--konnect-disable-consumers-sync`. + [#6313](https://github.com/Kong/kubernetes-ingress-controller/pull/6313) ### Fixed diff --git a/docs/cli-arguments.md b/docs/cli-arguments.md index eb3251ea2e..f851f9803c 100644 --- a/docs/cli-arguments.md +++ b/docs/cli-arguments.md @@ -67,6 +67,7 @@ | `--kong-workspace` | `string` | Kong Enterprise workspace to configure. Leave this empty if not using Kong workspaces. | | | `--konnect-address` | `string` | Base address of Konnect API. | `https://us.kic.api.konghq.com` | | `--konnect-control-plane-id` | `string` | An ID of a control plane that is to be synchronized with data plane configuration. | | +| `--konnect-disable-consumers-sync` | `bool` | Disable synchronization of consumers with Konnect. | `false` | | `--konnect-initial-license-polling-period` | `duration` | Polling period to be used before the first license is retrieved. | `1m0s` | | `--konnect-license-polling-period` | `duration` | Polling period to be used after the first license is retrieved. | `12h0m0s` | | `--konnect-licensing-enabled` | `bool` | Retrieve licenses from Konnect if available. Overrides licenses provided via the environment. | `false` | diff --git a/internal/adminapi/client.go b/internal/adminapi/client.go index 35e2deb6a1..0fb7501c04 100644 --- a/internal/adminapi/client.go +++ b/internal/adminapi/client.go @@ -52,11 +52,12 @@ func NewTestClient(address string) (*Client, error) { type KonnectClient struct { Client - backoffStrategy UpdateBackoffStrategy + consumersSyncDisabled bool + backoffStrategy UpdateBackoffStrategy } // NewKonnectClient creates an Admin API client that is to be used with a Konnect Control Plane Admin API. -func NewKonnectClient(c *kong.Client, controlPlane string) *KonnectClient { +func NewKonnectClient(c *kong.Client, controlPlane string, consumersSyncDisabled bool) *KonnectClient { return &KonnectClient{ Client: Client{ adminAPIClient: c, @@ -64,7 +65,8 @@ func NewKonnectClient(c *kong.Client, controlPlane string) *KonnectClient { konnectControlPlane: controlPlane, pluginSchemaStore: util.NewPluginSchemaStore(c), }, - backoffStrategy: NewKonnectBackoffStrategy(clock.System{}), + backoffStrategy: NewKonnectBackoffStrategy(clock.System{}), + consumersSyncDisabled: consumersSyncDisabled, } } @@ -72,6 +74,10 @@ func (c *KonnectClient) BackoffStrategy() UpdateBackoffStrategy { return c.backoffStrategy } +func (c *KonnectClient) ConsumersSyncDisabled() bool { + return c.consumersSyncDisabled +} + // AdminAPIClient returns an underlying go-kong's Admin API client. func (c *Client) AdminAPIClient() *kong.Client { return c.adminAPIClient diff --git a/internal/adminapi/konnect.go b/internal/adminapi/konnect.go index 919a75593f..4d6dd754a0 100644 --- a/internal/adminapi/konnect.go +++ b/internal/adminapi/konnect.go @@ -28,6 +28,7 @@ type KonnectConfig struct { LicenseSynchronizationEnabled bool InitialLicensePollingPeriod time.Duration LicensePollingPeriod time.Duration + ConsumersSyncDisabled bool } func NewKongClientForKonnectControlPlane(c KonnectConfig) (*KonnectClient, error) { @@ -59,7 +60,7 @@ func NewKongClientForKonnectControlPlane(c KonnectConfig) (*KonnectClient, error if err != nil { return nil, err } - return NewKonnectClient(client, c.ControlPlaneID), nil + return NewKonnectClient(client, c.ControlPlaneID, c.ConsumersSyncDisabled), nil } // EnsureKonnectConnection ensures that the client is able to connect to Konnect. diff --git a/internal/dataplane/kong_client.go b/internal/dataplane/kong_client.go index 27834bb3bd..1cfa73e96d 100644 --- a/internal/dataplane/kong_client.go +++ b/internal/dataplane/kong_client.go @@ -740,6 +740,12 @@ func (c *KongClient) maybeSendOutToKonnectClient( return nil } + // In case users have many consumers, konnect sync can be very slow and cause dataplane sync issues. + // For this reason, if the --disable-consumers-sync flag is set, we do not send consumers to Konnect. + if konnectClient.ConsumersSyncDisabled() { + s.Consumers = nil + } + if _, err := c.sendToClient(ctx, konnectClient, s, config, isFallback); err != nil { // In case of an error, we only log it since we don't want the Konnect to affect the basic functionality // of the controller. diff --git a/internal/dataplane/kong_client_test.go b/internal/dataplane/kong_client_test.go index 1c326f419f..e708fa2159 100644 --- a/internal/dataplane/kong_client_test.go +++ b/internal/dataplane/kong_client_test.go @@ -961,7 +961,7 @@ func mustSampleKonnectClient(t *testing.T) *adminapi.KonnectClient { require.NoError(t, err) rgID := uuid.NewString() - return adminapi.NewKonnectClient(c, rgID) + return adminapi.NewKonnectClient(c, rgID, false) } func mapClientsToUrls(clients *mockGatewayClientsProvider) []string { diff --git a/internal/manager/config.go b/internal/manager/config.go index 962e7a9353..47ad68ead1 100644 --- a/internal/manager/config.go +++ b/internal/manager/config.go @@ -313,6 +313,7 @@ func (c *Config) FlagSet() *pflag.FlagSet { flagSet.StringVar(&c.Konnect.TLSClient.Key, "konnect-tls-client-key", "", "Konnect TLS client key.") flagSet.StringVar(&c.Konnect.TLSClient.KeyFile, "konnect-tls-client-key-file", "", "Konnect TLS client key file path.") flagSet.DurationVar(&c.Konnect.RefreshNodePeriod, "konnect-refresh-node-period", konnect.DefaultRefreshNodePeriod, "Period of uploading status of KIC and controlled Kong instances.") + flagSet.BoolVar(&c.Konnect.ConsumersSyncDisabled, "konnect-disable-consumers-sync", false, "Disable synchronization of consumers with Konnect.") // Deprecated flags. flagSet.StringVar(&c.Konnect.ControlPlaneID, "konnect-runtime-group-id", "", "Use --konnect-control-plane-id instead.")