Runtime Watcher is mostly a validation webhook deployed by Lifecycle Manager in a Kyma cluster. It watches for changes in resources, as configured by Watcher custom resources (CRs) in Kyma Control Plane (KCP).
The main Kyma use case for the Runtime Watcher is to reduce Lifecycle Manager's workload, which results in a longer success-requeue-interval. With Runtime Watcher enabled and a Watcher CR properly configured, Kyma CRs should be requeued and reconciled only when a Kyma CR spec changes on a Kyma cluster.
Runtime Watcher can watch any kind of resource and subresource, and it can watch for status or spec changes of those resources. More details can be found in the Watcher CR definition.
The workflow of Runtime Watcher includes the following main components:
Watcher CRs configure the Virtual Services in KCP, which are used as a reverse proxy to route incoming requests to the correct operator. Watcher CRs are also used to configure the Runtime Watcher deployed in each Kyma cluster. For more details, see the Watcher CR document.
The Runtime Watcher mechanism consists of multiple parts. First, it contains a ValidatingWebhookConfiguration with one or more webhooks that handle admission requests. It is used to validate CRUD actions on Kubernetes resources and provides the general watch mechanism inside the Kyma shoot cluster (SKR). These webhooks are configured by Lifecycle Manager using the Watcher CRs. In addition, a deployment is attached to the webhook and acts as the receiver for the validation requests. The deployment converts the validation requests into WatchEvents, which are sent to KCP over an mTLS connection. To establish the connection from an SKR to KCP, Lifecycle Manager deploys a Secret with a TLS certificate in each Kyma cluster.
The Listener package simplifies setting up an endpoint for an operator residing in KCP, which should receive the WatchEvents sent by the SKR webhook to KCP. See Kyma Listener Package.
For more information on how to set up Runtime Watcher for an arbitrary resource, see Configuring Runtime Watcher.
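The following Go sketch illustrates the conversion step described above: it decodes an admission request and produces an event only when the watched field (`spec` or `status`) actually differs between the old and new object, so unrelated updates do not trigger a reconcile in KCP. It is an added example, not code from the Runtime Watcher project; the `watchEvent` shape, the function names, and the sample payload are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// admissionRequest is a minimal subset of admission.k8s.io/v1 AdmissionRequest.
type admissionRequest struct {
	Name      string          `json:"name"`
	Namespace string          `json:"namespace"`
	Operation string          `json:"operation"`
	Object    json.RawMessage `json:"object"`
	OldObject json.RawMessage `json:"oldObject"`
}

// watchEvent is a hypothetical payload shape, not the project's WatchEvent type.
type watchEvent struct{ Name, Namespace, Operation, Changed string }

// field returns a comparable JSON encoding of one top-level field of obj.
func field(obj json.RawMessage, name string) []byte {
	var m map[string]interface{}
	if len(obj) == 0 || json.Unmarshal(obj, &m) != nil {
		return nil
	}
	b, _ := json.Marshal(m[name]) // map keys are emitted sorted, so key order is ignored
	return b
}

// toWatchEvent returns an event when the watched field ("spec" or "status")
// changed on UPDATE; CREATE and DELETE always produce an event.
func toWatchEvent(raw []byte, watched string) (*watchEvent, error) {
	var ar struct{ Request admissionRequest `json:"request"` }
	if err := json.Unmarshal(raw, &ar); err != nil {
		return nil, fmt.Errorf("decode AdmissionReview: %w", err)
	}
	r := ar.Request
	if r.Operation == "UPDATE" && bytes.Equal(field(r.Object, watched), field(r.OldObject, watched)) {
		return nil, nil // watched field unchanged: nothing to send to KCP
	}
	return &watchEvent{r.Name, r.Namespace, r.Operation, watched}, nil
}

func main() {
	// Constructed sample: an UPDATE that changes only the status of the object.
	raw := []byte(`{"request":{"name":"kyma-sample","namespace":"kyma-system","operation":"UPDATE","object":{"spec":{"channel":"regular"},"status":{"state":"Ready"}},"oldObject":{"spec":{"channel":"regular"},"status":{"state":"Processing"}}}}`)
	ev, err := toWatchEvent(raw, "spec")
	fmt.Println(ev, err) // no event, because the spec did not change
}
```

The event carries only the object's identity and the kind of change, not the object body, which keeps the data leaving the SKR to the minimum the KCP operator needs to requeue.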
See the Contributing Rules.
The release process is described in the How To Release document. For more information on Runtime Watcher's architecture, see the Architecture document.
See the Code of Conduct document.
See the license file.