Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth map GC on Endpoint delete #27697

Merged
merged 1 commit into from Oct 13, 2023
Merged

Auth map GC on Endpoint delete #27697

merged 1 commit into from Oct 13, 2023

Conversation

meyskens
Copy link
Member

This change will trigger a endpoint list based auth map garbage collection on a delete call from the endpoint manager. This ensures instant deletion of an auth map entry if an endpoint gets deleted that was the last of a given security id.

Some of this is already done with the policy map GC. This change adds an aditional safeguard to it and does it on a delete event where the policy map only runs on scheduled intervals.

Auth map garbage collection will trigger if last local endpoint of a security identity was removed

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Aug 25, 2023
@meyskens meyskens added release-note/minor This PR changes functionality that users may find relevant to operating Cilium. area/servicemesh GH issues or PRs regarding servicemesh feature/authentication labels Aug 25, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Aug 25, 2023
@meyskens
Copy link
Member Author

meyskens commented Oct 5, 2023

/test

@meyskens meyskens marked this pull request as ready for review October 5, 2023 09:05
@meyskens meyskens requested a review from a team as a code owner October 5, 2023 09:05
youngnick
youngnick approved these changes Oct 12, 2023
View reviewed changes
Copy link
Contributor

@youngnick youngnick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The tiniest of non-blocking format nits, but aside from that, LGTM. Nice work.

pkg/auth/authmap_gc.go Outdated Show resolved Hide resolved
@meyskens
Auth map GC on Endpoint delete
a50f9f5 
This change will trigger a endpoint list based auth map garbage
collection on a delete call from the endpoint manager.
This ensures instant deletion of an auth map entry if an endpoint gets
deleted that was the last of a given security id.

Some of this is already done with the policy map GC.
This change adds an additional safeguard to it and does it on a delete
event where the policy map only runs on scheduled intervals.

Signed-off-by: Maartje Eyskens <maartje.eyskens@isovalent.com>
@meyskens
Copy link
Member Author

/test

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Oct 12, 2023
@squeed squeed merged commit 4bf4de1 into cilium:main Oct 13, 2023
62 checks passed
@bimmlerd bimmlerd mentioned this pull request Nov 9, 2023
Closed
@marseel marseel mentioned this pull request Nov 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@youngnick youngnick youngnick approved these changes

Assignees
No one assigned
Labels
area/servicemesh GH issues or PRs regarding servicemesh feature/authentication ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@meyskens @youngnick @squeed