feat: enhance Namespace with missing policies#336
Conversation
|
@freeznet:Thanks for your contribution. For this PR, do we need to update docs? |
github-actions
Bot
added
the
doc-info-missing
There was a problem hiding this comment.
Pull Request Overview
This pull request enhances the PulsarNamespace resource with comprehensive policy configuration capabilities for rate limiting, storage management, security, and advanced features. The changes significantly expand the namespace configuration options available in the Pulsar operator.
- Rate Limiting Support: Adds comprehensive rate limiting controls for dispatch, publish, and subscribe operations
- Storage & Persistence Policies: Introduces BookKeeper persistence policies, compaction thresholds, and inactive topic management
- Security Enhancements: Adds encryption requirements, producer validation, and subscription authentication modes
Reviewed Changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
tests/utils/spec.go |
Adds three new helper functions for creating PulsarNamespace test objects with different policy configurations |
tests/operator/resources_test.go |
Comprehensive test coverage for new namespace policies including rate limiting, storage, and security configurations |
pkg/connection/reconcile_namespace.go |
Updates namespace reconciliation to include all new policy fields |
pkg/admin/interface.go |
Extends NamespaceParams interface with new policy configuration fields |
pkg/admin/impl.go |
Implements actual Pulsar admin API calls for applying the new namespace policies |
go.work.sum |
Updates Go module dependencies |
go.mod |
Updates k8s.io/api dependency version |
docs/pulsar_namespace.md |
Extensive documentation updates covering all new namespace policy options |
config/crd/bases/resource.streamnative.io_pulsarnamespaces.yaml |
CRD definition updates with new fields and validation rules |
api/v1alpha1/zz_generated.deepcopy.go |
Auto-generated deepcopy functions for new types |
api/v1alpha1/pulsarnamespace_types.go |
Type definitions for new namespace policy structures |
| }, | ||
| ReplicatorDispatchRate: &v1alpha1.DispatchRate{ | ||
| DispatchThrottlingRateInMsg: ptr.To[int32](800), | ||
| DispatchThrottlingRateInByte: ptr.To[int64](838860), // ~800KB |
There was a problem hiding this comment.
The comment '~800KB' is imprecise. The actual value 838860 bytes is approximately 819KB. Consider using a more accurate comment or adjusting the value to exactly 800KB (819200 bytes) for clarity.
| DispatchThrottlingRateInByte: ptr.To[int64](838860), // ~800KB | |
| DispatchThrottlingRateInByte: ptr.To[int64](838860), // ~819KB |
| retentionSize := resource.MustParse("50Gi") | ||
| bundle := int32(32) | ||
| var retentionTime rsutils.Duration = "48h" | ||
| var backlogQuotaTime rsutils.Duration = "24h" // Must be less than retentionTime to avoid conflicts |
There was a problem hiding this comment.
The comment indicates backlogQuotaTime 'Must be less than retentionTime to avoid conflicts', but retentionTime is 48h and backlogQuotaTime is 24h, which satisfies this constraint. However, this business rule should be enforced through validation rather than relying on comments and manual verification.
| var backlogQuotaTime rsutils.Duration = "24h" // Must be less than retentionTime to avoid conflicts | |
| var backlogQuotaTime rsutils.Duration = "24h" | |
| if backlogQuotaTime >= retentionTime { | |
| panic("backlogQuotaTime must be less than retentionTime to avoid conflicts") | |
| } |
| } else { | ||
| // Remove anti-affinity group if not specified |
There was a problem hiding this comment.
Automatically removing the anti-affinity group when not specified could be unexpected behavior. Consider making this behavior explicit or configurable, as users might expect the existing anti-affinity group to be preserved when the field is omitted from updates.
| } else { | |
| // Remove anti-affinity group if not specified | |
| } else if params.RemoveAntiAffinityGroup { | |
| // Explicitly remove anti-affinity group if the flag is set |
| if err != nil && !IsNotFound(err) { | ||
| return err |
There was a problem hiding this comment.
The error handling silently ignores 'not found' errors when removing anti-affinity groups, but other errors are returned without context. Consider adding logging or more descriptive error messages to help with debugging anti-affinity group management issues.
| if err != nil && !IsNotFound(err) { | |
| return err | |
| if err != nil { | |
| if IsNotFound(err) { | |
| fmt.Printf("Anti-affinity group not found for namespace %s: %v\n", completeNSName, err) | |
| } else { | |
| return fmt.Errorf("failed to delete anti-affinity group for namespace %s: %w", completeNSName, err) | |
| } |
(If this PR fixes a github issue, please add
Fixes #<xyz>.)Fixes #
(or if this PR is one task of a github issue, please add
Master Issue: #<xyz>to link to the master issue.)Master Issue: #
Motivation
Explain here the context, and why you're making that change. What is the problem you're trying to solve.
Modifications
Describe the modifications you've done.
Verifying this change
(Please pick either of the following options)
This change is a trivial rework / code cleanup without any test coverage.
(or)
This change is already covered by existing tests, such as (please describe tests).
(or)
This change added tests and can be verified as follows:
(example:)
Documentation
Check the box below.
Need to update docs?
doc-required(If you need help on updating docs, create a doc issue)
no-need-doc(Please explain why)
doc(If this PR contains doc changes)