-
Notifications
You must be signed in to change notification settings - Fork 331
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(kuma-cp): don't let CA requests for other meshes block generation #6282
fix(kuma-cp): don't let CA requests for other meshes block generation #6282
Conversation
Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think what should happen is that we have a default timeout for ~10s if it's not defined on the Mesh object. The default should be in ca_provider.go
Default 1 second is not a good idea IMHO, it's too low.
Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please change the description of the PR with short explanation why we need default timeout. Also update proto of Mesh to say that when not specified it's 10s.
I think we should also add a default timeout for the identity cert provider, because you may hit the same issue.
Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
@Mergifyio backport release-2.1 |
✅ Backports have been created
|
… (backport #6282) (#6284) fix(kuma-cp): don't let CA requests for other meshes block generation (#6282) This PR adds a default timeout of 10s to calls of GetRootCert for the case that the CA manager takes too long, so that it doesn't block generation, especially in the cross-mesh case. Signed-off-by: Mike Beaumont <mjboamail@gmail.com> (cherry picked from commit 463e6b2) Co-authored-by: Mike Beaumont <mjboamail@gmail.com>
This PR adds a default timeout to calls of
GetRootCert
for the case that the CA manager takes too long, so that it doesn't block generation, especially in the cross-mesh case.Checklist prior to review
syscall.Mkfifo
have equivalent implementation on the other OS --UPGRADE.md
? --> Changelog:
entry here or add aci/
label to run fewer/more tests?