-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve concurrency and cache for kubelet credential provider #102168
Conversation
/cc @andrewsykim @liggitt |
3cfeaed
to
cf19adc
Compare
4ad9be3
to
0d11d2e
Compare
0d11d2e
to
e575a76
Compare
Posting down here to make sure it does not get lost: #102168 (comment) |
647f36e
to
2ecc76f
Compare
/test pull-kubernetes-e2e-gce-ubuntu-containerd |
/cc @liggitt Please take a look again |
@adisky: GitHub didn't allow me to request PR reviews from the following users: Please, take, a, look, again. Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Improve concurrency and cache for credential provider Removed lock from "Provide" as it can be called in parallel from image puller. To avoid execing for the same image concurrently wrapped exec in singleflight. Purging the cache for expried data with 15mins interval only when a request for credential is made. KEP:2133 Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
2ecc76f
to
def9331
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: adisky, liggitt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@adisky: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/retest |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Improve concurrency and cache for credential provider
This is a part of beta requirement, This PR addresses some concurrency concerns that are required for beta.
Removed lock from "Provide" as it can be called in parallel from image puller. To avoid calling exec for the same image concurrently wrapped exec in singleflight.
Purging the cache for expired data with 15mins interval only when a request for credential is made.
Which issue(s) this PR fixes:
part of: kubernetes/enhancements#2133
Special notes for your reviewer:
Addresses part of https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2133-kubelet-credential-providers#alpha---beta-graduation
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
/sig node auth cloud-provider
Signed-off-by: Aditi Sharma adi.sky17@gmail.com