Remove github.com/gravitational/ttlmap dependency#46899
Merged
rosstimothy merged 12 commits intomasterfrom Oct 8, 2024
Merged
Remove github.com/gravitational/ttlmap dependency#46899rosstimothy merged 12 commits intomasterfrom
github.com/gravitational/ttlmap dependency#46899rosstimothy merged 12 commits intomasterfrom
Conversation
Joerger
added
the
no-changelog
github-actions
Bot
added
bpf
fspmarshall
approved these changes
Sep 24, 2024
Contributor
fspmarshall
left a comment
fspmarshall
left a comment
There was a problem hiding this comment.
LGTM once the new ttl cache methods have decent test coverage.
EdwardDowling
approved these changes
Sep 25, 2024
public-teleport-github-review-bot
Bot
removed the request for review
from rosstimothy
rosstimothy
force-pushed
the
joerger/remove-ttl-map
branch
from
045eb9b to
33102ce
Compare
fspmarshall
approved these changes
Oct 4, 2024
Joerger
force-pushed
the
joerger/remove-ttl-map
branch
2 times, most recently
from
705525f to
6109070
Compare
Contributor
Author
|
@fspmarshall We had to enabled Alternatively we could validate the session each time before checking the session cache in order to avoid recording failed entries - d82d439 WDYT? |
Contributor
|
@Joerger avoiding retention of a transient error sounds like a good use of it to me. I'm all for it. |
rosstimothy
force-pushed
the
joerger/remove-ttl-map
branch
from
8e6ceab to
89e6906
Compare
rosstimothy
force-pushed
the
joerger/remove-ttl-map
branch
from
37a22ac to
5b0e772
Compare
mvbrock
pushed a commit
that referenced
this pull request
Oct 16, 2024
* Replace sessionCache with FnCache. * Use FnCache in hostCertificate cache. * Use FnCache for forwarder transport cache. * Use a normal map for bpf arg collection. * Remove github.com/gravitational/ttlmap dependency. * Use FnCache for bfp. * fix: add test coverage to new FnCache methods * fix: handle cache error for bpf args * fix: bring back transport cache ttl const * fix: restore comments and fix spacing * fix: tidy integrations/terraform module * fix: app session cache should reload on transient errors --------- Co-authored-by: Tim Ross <tim.ross@goteleport.com>
tigrato
added a commit
that referenced
this pull request
Jan 30, 2025
PR #46899 introduced a subtle change in behavior to Kubernetes service where the direct transport - kube agent to Kubernetes API - is being cached for 5 hours. This breaks auto discovery because tokens are valid for 15 min but the HTTP transport that adds them is valid for 5, leaving the kubernetes service reusing the same expired token for 4h:45m. This PR fixes the incorrect behavior by ensuring the token is never cached. Fixes #51639 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
tigrato
added a commit
that referenced
this pull request
Jan 30, 2025
PR #46899 introduced a subtle change in Kubernetes service behavior, where the direct transport—kube agent to Kubernetes API—is now cached for five hours. This disrupts auto-discovery because tokens are only valid for 15 minutes, while the HTTP transport that applies them remains valid for five hours. As a result, the Kubernetes service continues using the same expired token for 4 hours and 45 minutes. This PR resolves the issue by preventing token caching altogether. Fixes #51639 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
tigrato
added a commit
that referenced
this pull request
Jan 30, 2025
PR #46899 introduced a subtle change in Kubernetes service behavior, where the direct transport—kube agent to Kubernetes API—is now cached for five hours. This disrupts auto-discovery because tokens are only valid for 15 minutes, while the HTTP transport that applies them remains valid for five hours. As a result, the Kubernetes service continues using the same expired token for 4 hours and 45 minutes. This PR resolves the issue by preventing token caching altogether. Fixes #51639 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Jan 30, 2025
PR #46899 introduced a subtle change in Kubernetes service behavior, where the direct transport—kube agent to Kubernetes API—is now cached for five hours. This disrupts auto-discovery because tokens are only valid for 15 minutes, while the HTTP transport that applies them remains valid for five hours. As a result, the Kubernetes service continues using the same expired token for 4 hours and 45 minutes. This PR resolves the issue by preventing token caching altogether. Fixes #51639 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
github-actions Bot
pushed a commit
that referenced
this pull request
Jan 30, 2025
PR #46899 introduced a subtle change in Kubernetes service behavior, where the direct transport—kube agent to Kubernetes API—is now cached for five hours. This disrupts auto-discovery because tokens are only valid for 15 minutes, while the HTTP transport that applies them remains valid for five hours. As a result, the Kubernetes service continues using the same expired token for 4 hours and 45 minutes. This PR resolves the issue by preventing token caching altogether. Fixes #51639 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Jan 30, 2025
PR #46899 introduced a subtle change in Kubernetes service behavior, where the direct transport—kube agent to Kubernetes API—is now cached for five hours. This disrupts auto-discovery because tokens are only valid for 15 minutes, while the HTTP transport that applies them remains valid for five hours. As a result, the Kubernetes service continues using the same expired token for 4 hours and 45 minutes. This PR resolves the issue by preventing token caching altogether. Fixes #51639 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
carloscastrojumo
pushed a commit
to carloscastrojumo/teleport
that referenced
this pull request
Feb 19, 2025
…tional#51640) PR gravitational#46899 introduced a subtle change in Kubernetes service behavior, where the direct transport—kube agent to Kubernetes API—is now cached for five hours. This disrupts auto-discovery because tokens are only valid for 15 minutes, while the HTTP transport that applies them remains valid for five hours. As a result, the Kubernetes service continues using the same expired token for 4 hours and 45 minutes. This PR resolves the issue by preventing token caching altogether. Fixes gravitational#51639 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replace
github.com/gravitational/ttlmapwithutils.FnCache.