-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug: auto-generated apisix id is likely to be duplicated in containerized environments #5417
Comments
Maybe we can suffix some rand bytes from thibaultcha/lua-resty-jit-uuid#19 (comment) |
Good idea. |
@leslie-tsang |
Sure. |
After reading the lua-resty-jit-uuid's issue, there are three solution for this issue:
@spacewander @tokers What do you guys think ? |
I vote for the kong way. |
vote the kong way too |
Vote for Kong, it's on a higher level. |
Considering a more stable production purpose use, how about we did our best in the k8s environment or something else? |
It seems like the same as Kong one? |
After a careful look at the two implementations, the core is the same. Let's do it. |
I want to fix this bug as an first step to contribute to apisix. As an newbie, I had one question:
|
Which one is the best, then use which one. |
I prefer patch |
If we patch the math.randomsee globally as the kong way, we need to add a module as the global patch. Is it a good choice to put the module in the core? |
Or add randomsed in apisix/patch.lua |
I prefer this way. what is your opinion? @spacewander |
Issue description
Currently, Apache APISIX will generate an id while initializing if the user doesn't specify one, and it relies on the lua-resty-jit-uuid library but without an explicit seed.
apisix/apisix/core/id.lua
Lines 76 to 78 in 4dafab5
While the jit-uuid library creates the seed by the process id and the time in ngx_lua context.
https://github.com/thibaultcha/lua-resty-jit-uuid/blob/82538049040ae85ff880b79886f21d8593140c7d/lib/resty/jit-uuid.lua#L53-L54
However, in a containerized environment, the process id (the master process) might be the same, i.e. the No. 1 process, also, if users try to deploy Apache APISIX clusters on Kubernetes through the
Deployment
resource, the time might be the same for several Pods, sincengx.time
doesn't have enough precisions (only at milliseconds level). so the generated apisix id might be duplicated, and if the id is critical, this may cause some fatal problems in the business scenarios.Environment
apisix version
):uname -a
):nginx -V
oropenresty -V
):curl http://127.0.0.1:9090/v1/server_info
to get the info from server-info API):luarocks --version
):Steps to reproduce
N/A
Actual result
N/A
Error log
N/A
Expected result
No response
The text was updated successfully, but these errors were encountered: