auth: Switch to observing identity changes #26375
Commits on Jun 27, 2023
auth: Switch to observing identity changes
Observe the identity changes via the CachingIdentityAllocator instead of using the CiliumIdentity CRD directly. This both fixes the issue of having two informers (and thus double the bandwidth) and allows auth to work with the kvstore identity allocation backend.
Co-authored-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>
Commit e30b654
helm: rename authentication.expiredGCInterval to gcInterval
This commit renames the helm value `authentication.expiredGCInterval` to `authentication.gcInterval` as it will be used for multiple types of auth-related GCs.
Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Commit 8e10ea8
Latest changes reflect deleted identities and nodes only in the internal state of the garbage collector without deleting the related entries immediately. Therefore, this commit changes the auth map gc interval from `15m` to `5m` which reflects the changes faster in the map itself.
Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Commit 6378638
auth: delete identity related auth map entries in gc job
Currently, auth map entries related to a deleted Cilium identity are immediately deleted when the event has been received. The actual deletion might result in errors, which can no longer be reported back to the IdentityAllocator which emits the events. To prevent events from resulting in errors, the events should no longer delete auth map entries. Therefore, this commit refactors the code so that the deletion information is stored within the garbage collector, and the actual garbage collection run uses this information to clean up the map.
Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Commit d7f2381
auth: reordered garbage collector
This commit reorders the functions within the garbage collector.
Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Commit 9351927
auth: delete nodes related auth map entries in gc job
Currently, auth map entries related to a deleted node are immediately deleted when the event has been received. To prevent events from resulting in errors, the events should no longer delete auth map entries. Therefore, this commit refactors the code so that the deletion information is stored within the garbage collector, and the actual garbage collection run uses this information to clean up the map.
Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Commit 7917814
This commit combines the different timer-based auth map gc jobs into a single job.
Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Commit 22bb8c9
auth: fix cleanup expired auth entries log message
Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Commit 3bc6788
auth: dedicated auth map gc test case per type
This commit separates the existing auth map gc tests into multiple tests per "type":
* identities
* nodes
* policies
* expiration
Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Commit 483d37a
This commit cleans up the auth module.
* improve comments
* renamed newAuthManager -> registerAuthManager
* grouped params in authManagerParams
* rename gc job names
* split registration into instantiation & job/lifecycle registration sections
Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Commit 734794b