Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Fix racy lazyEcrProvider updates #82550
What type of PR is this?
What this PR does / why we need it: There is a race in the ECR credentials provider kubernetes 1.11-1.13 and probably earlier that causes kubelet to immediately panic. It's not in 1.14.?+ because the ECR credentials provider was refactored and the patch for that was backported to 1.14 (#78164).
The problem is that LazyProvide is not thread-safe. The variable ecrProvider.getter is written to in 2 places & read from 1:
Write 1: https://github.com/kubernetes/kubernetes/blob/release-1.13/pkg/credentialprovider/aws/aws_credentials.go#L127 (write getter to nil)
If between Write 2 and Read in Thread 1, Thread 2 executes Write 1, then Thread 1 will get a nil panic when it does the Read.
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
@wongma7: This PR is not for the master branch but does not have the
To approve the cherry-pick, please ping the kubernetes/patch-release-team in a comment when ready.
See also Kubernetes Patch Releases
@wongma7: The label(s)
I've added a test.
Without the lock in
With the lock in
[APPROVALNOTIFIER] This PR is APPROVED
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing