Skip to content

feat: add performance improvements #1065

Merged
oliverbaehler merged 5 commits into
projectcapsule:mainfrom
oliverbaehler:feat/cert-duration
Jul 1, 2026
Merged

feat: add performance improvements #1065
oliverbaehler merged 5 commits into
projectcapsule:mainfrom
oliverbaehler:feat/cert-duration

Conversation

@oliverbaehler

Copy link
Copy Markdown
Collaborator

No description provided.

Signed-off-by: Oliver Baehler <oliver@sudo-i.net>
Signed-off-by: Oliver Baehler <oliver@sudo-i.net>
Signed-off-by: Oliver Baehler <oliver@sudo-i.net>
Signed-off-by: Oliver Baehler <oliver@sudo-i.net>
Copilot AI review requested due to automatic review settings July 1, 2026 12:53

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces several runtime and deployment-level changes aimed at improving request handling performance and adding optional Kubernetes API Priority and Fairness (APF) support for capsule-proxy.

Changes:

  • Add cached user/group reuse in GetUserAndGroups() and a test verifying the cache prevents duplicate TokenReview calls.
  • Improve XFCC parsing error reporting and escaping behavior.
  • Add cluster-scoped resource discovery/validation helpers and introduce optional Helm APF (FlowSchema + PriorityLevelConfiguration) configuration.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
internal/runtime/validation/cluster_resource.go Adds discovery-backed validation utilities for cluster-scoped resources and allowed operations.
internal/request/xfcc.go Enhances XFCC parsing error context and handling of escapes within quoted strings.
internal/request/http.go Uses cached username/groups from request context to avoid repeated authentication work.
internal/request/http_test.go Updates websocket bearer test data and adds a test to ensure caching is used.
charts/capsule-proxy/values.yaml Adds APF-related values for FlowSchema/PriorityLevelConfiguration.
charts/capsule-proxy/values.schema.json Adds schema for the new APF values.
charts/capsule-proxy/templates/flowschema.yaml Adds templated APF resources gated by a values flag and API availability.
charts/capsule-proxy/README.md Documents the new APF chart values.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

}

errs = append(errs, fmt.Errorf(
"%s.operations[%d]: unsupported operation %q, only %q is supported",

if !slices.Contains(resource.Verbs, "list") {
errs = append(errs, fmt.Errorf(
"%s.resources: resource %q in API group %q does not support LIST",
@oliverbaehler oliverbaehler merged commit 7e9c43f into projectcapsule:main Jul 1, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants