[v16] Reduce resource consumption when generating Kubernetes certificates#52147
Merged
rosstimothy merged 2 commits intobranch/v16from Mar 20, 2025
Merged
[v16] Reduce resource consumption when generating Kubernetes certificates#52147rosstimothy merged 2 commits intobranch/v16from
rosstimothy merged 2 commits intobranch/v16from
Conversation
rosstimothy
force-pushed
the
tross/backport-52109/v16
branch
2 times, most recently
from
f9627ad to
299f3e2
Compare
github-actions
Bot
added
kubernetes-access
size/sm
tctl
avatus
approved these changes
Feb 21, 2025
tigrato
approved these changes
Feb 24, 2025
…52109) Closes #52073. The requested Kubernetes cluster is now cross referenced with the KubeServers in the unified resource cache. This results in a reduction in CPU, memory, and cert generation latency. This also cleans up some of the helper functions in lib/kube/utils that were no longer needed, and suboptimal. The client side changes here shouldn't have any impact, as the server is performing the same check, and returning the equivalent error the client side code used to. This will also cut the time of `tctl auth sign` in half as both the client and server were performing the same expensive CheckKubeCluster operation.
#52109 added a dependency on the unified resource cache to user cert generation to reduce resource consumption. A number of tests that exercise generating Kubernetes user certs were either not waiting for the Kubernetes resources to exist prior to authentication and getting lucky, or checking that the resources were in the auth cache, but not the unified resource cache. This attempts to cover any tests which generate Kubernetes user certificates to verify that the unified resource cache contains the expected cluster before proceeding. Fixes #52157. Fixes #52441.
rosstimothy
force-pushed
the
tross/backport-52109/v16
branch
from
299f3e2 to
ef6f974
Compare
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport #52109 and #52442 to branch/v16
Changelog: Improve latency and reduce resource consumption of generating Kubernetes certificates via tctl auth sign and tsh kube login.