
Stop storing stateless kubernetes keystores #21880

Merged
merged 8 commits into from Oct 19, 2020
Changes from 2 commits
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -373,6 +373,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fix retrieving resources by ID for the azure module. {pull}21711[21711] {issue}21707[21707]
- Use timestamp from CloudWatch API when creating events. {pull}21498[21498]
- Report the correct windows events for system/filesystem {pull}21758[21758]
- Protect kubernetes keystore map with mutex {pull}21880[21880]

*Packetbeat*

10 changes: 9 additions & 1 deletion libbeat/common/kubernetes/k8skeystore/kubernetes_keystore.go
Expand Up @@ -20,6 +20,7 @@ package k8skeystore
import (
"context"
"strings"
"sync"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
k8s "k8s.io/client-go/kubernetes"
Expand All @@ -38,6 +39,7 @@ type KubernetesKeystoresRegistry struct {
kubernetesKeystores KubernetesKeystores
logger *logp.Logger
client k8s.Interface
keystoreMapLock sync.RWMutex
}

// KubernetesSecretsKeystore allows to retrieve passwords from Kubernetes secrets for a given namespace
Expand All @@ -59,6 +61,7 @@ func NewKubernetesKeystoresRegistry(logger *logp.Logger, client k8s.Interface) k
kubernetesKeystores: KubernetesKeystores{},
logger: logger,
client: client,
keystoreMapLock: sync.RWMutex{},
}
}

Expand All @@ -76,11 +79,16 @@ func (kr *KubernetesKeystoresRegistry) GetKeystore(event bus.Event) keystore.Key
}
if namespace != "" {
// either retrieve already stored keystore or create a new one for the namespace
This comment is not needed anymore.

Suggested change
// either retrieve already stored keystore or create a new one for the namespace

kr.keystoreMapLock.RLock()
if storedKeystore, ok := kr.kubernetesKeystores[namespace]; ok {
kr.keystoreMapLock.RUnlock()
return storedKeystore
}
kr.keystoreMapLock.RUnlock()
k8sKeystore, _ := Factoryk8s(namespace, kr.client, kr.logger)
kr.kubernetesKeystores["namespace"] = k8sKeystore
kr.keystoreMapLock.Lock()
ChrsMark marked this conversation as resolved.
kr.kubernetesKeystores[namespace] = k8sKeystore
kr.keystoreMapLock.Unlock()
return k8sKeystore
}
kr.logger.Debugf("Cannot retrieve kubernetes namespace from event: %s", event)
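Review bot: The lookup and the insert in GetKeystore are not atomic: `kr.keystoreMapLock.RUnlock()` runs before `Factoryk8s` and the write lock is taken only afterwards, so two goroutines handling events for the same namespace can both miss, both build a keystore, and the later write replaces the earlier one while callers hold different instances. Re-checking the map after `kr.keystoreMapLock.Lock()` closes that window. The same path discards the error from `Factoryk8s` (`k8sKeystore, _ :=`), so a keystore that failed to build would be cached and returned for every later event in that namespace; because this keystore resolves Kubernetes secrets, the failure should be logged and not stored. The sketch below returns nil on error, which assumes callers already cope with a nil keystore, as the fall-through path presumably returns one; the start and end of GetKeystore are outside the hunk, so confirm that, and confirm that `Factoryk8s` is cheap enough to call while holding the write lock.

```go
// … unchanged: RLock fast path that returns the stored keystore …
kr.keystoreMapLock.Lock()
defer kr.keystoreMapLock.Unlock()
// Re-check under the write lock: another goroutine may have stored a
// keystore for this namespace between RUnlock and Lock.
if storedKeystore, ok := kr.kubernetesKeystores[namespace]; ok {
	return storedKeystore
}
k8sKeystore, err := Factoryk8s(namespace, kr.client, kr.logger)
if err != nil {
	kr.logger.Debugf("Cannot create kubernetes keystore for namespace %s: %v", namespace, err)
	return nil
}
kr.kubernetesKeystores[namespace] = k8sKeystore
return k8sKeystore
```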