Make auth-webhook async (#156)
* Make auth-webhook async

This converts auth-webhook from a synchronous Flask app managed by
gunicorn to an asynchronous aiohttp app managed by gunicorn. This allows
it to process any number of concurrent requests even if requests end up
blocked or timing out on a configured external auth endpoint (keystone,
custom addr, etc).

Fixes: [lp:1927145][]

[lp:1927145]: https://bugs.launchpad.net/charm-kubernetes-master/+bug/1927145

* Fix verify_ssl flag after failed cert

Co-authored-by: Kevin W Monroe <kevin.monroe@canonical.com>

* Fix rendering of extra auth URLs when they are None

Co-authored-by: Kevin W Monroe <kevin.monroe@canonical.com>

* Fix api_ver to be rendered as template var, not dynamic route

Co-authored-by: Kevin W Monroe <kevin.monroe@canonical.com>

* Cache secrets in memory

Cache the secrets in memory and refresh them in a background task,
rather than hitting the API server again on every request.

Also fixes the subprocess / kubectl calls not actually being async.

* Improve error handling around request and config file parsing

* Add test for auth load / slow custom endpoint

* Fix lint errors

Apparently, I needed to recreate the tox env to update dependencies.

* Add retry for reading kube config to account for race between charm and webhook

* Drop Flask and Werkzeug, and pin aiohttp

Co-authored-by: Kevin W Monroe <kevin.monroe@canonical.com>
johnsca and kwmonroe committed May 13, 2021
1 parent 0daa2c3 commit 00e66e6
Showing 6 changed files with 332 additions and 140 deletions.
8 changes: 8 additions & 0 deletions reactive/kubernetes_master.py
Expand Up @@ -851,6 +851,14 @@ def set_final_status():
)
return

if not is_flag_set("kubernetes-master.auth-webhook-service.started"):
hookenv.status_set("waiting", "Waiting for auth-webhook service to start")
return

if not is_flag_set("kubernetes-master.apiserver.configured"):
hookenv.status_set("waiting", "Waiting for API server to be configured")
return

auth_setup = is_flag_set("authentication.setup")
webhook_tokens_setup = is_flag_set("kubernetes-master.auth-webhook-tokens.setup")
if auth_setup and not webhook_tokens_setup:
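
Review bot: The two new early returns in set_final_status() report "waiting" for as long as their flags are unset, with no path to a failure status. If the auth-webhook service fails to start rather than being slow to start, the unit stays at "Waiting for auth-webhook service to start" and the auth_setup / webhook_tokens_setup check below is never reached. Consider checking the service state and reporting "blocked" when it has failed. A short comment naming where kubernetes-master.auth-webhook-service.started and kubernetes-master.apiserver.configured are set and cleared would also help, since neither is visible in this hunk, and would explain why these gates have to come before the token setup check.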