Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

clusterCache: lock namespacedResources, don't miss finding live obj if obj is cluster-scoped and namespacedResources is in transition #597

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

clusterCache: lock namespacedResources, don't miss finding live obj if obj is cluster-scoped and namespacedResources is in transition #597

wants to merge 2 commits into from

Commits on Jul 1, 2024

  1. sync.Reconcile: guard against incomplete discovery 

    When Reconcile performs its logic to compare the desired state (target
objects) against the actual state (live objects), it looks up each live
object based on a key comprised of data from the target object: API
group, API kind, namespace, and name. While group, kind, and name will
always be accurate, there is a chance that the value for namespace is
not. If a cluster-scoped target object has a namespace (because it
incorrectly has a namespace from its source) or the namespace parameter
passed into the Reconcile method has a non-empty value (indicating a
default value to use on namespace-scoped objects that don't have it set
in the source), AND the resInfo ResourceInfoProvider has incomplete or
missing API discovery data, the call to IsNamespacedOrUnknown will
return true when the information is unknown. This leads to the key being
incorrect - it will have a value for namespace when it shouldn't. As a
result, indexing into liveObjByKey will fail. This failure results in
the reconciliation containing incorrect data: there will be a nil entry
appended to targetObjs when there shouldn't be.

Signed-off-by: Andy Goldstein <andy.goldstein@gmail.com>
    @ncdc
    ncdc committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    3728359 View commit details
    Browse the repository at this point in the history

  2. clusterCache: add RWMutex for namespacedResources 

    namespacedResources is accessed by multiple goroutines simultaneously
and therefore must be guarded by a mutex. Because this field is read
significantly more often than it's written, use an RWMutex.

Signed-off-by: Andy Goldstein <andy.goldstein@gmail.com>
    @ncdc
    ncdc committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    a7ddaf7 View commit details
    Browse the repository at this point in the history