Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated cherry pick of #112017: exec auth: support TLS config caching #112339

Merged
merged 2 commits into from Sep 9, 2022
Merged

Automated cherry pick of #112017: exec auth: support TLS config caching #112339

merged 2 commits into from Sep 9, 2022

Conversation

enj
Copy link
Member

@enj enj commented Sep 8, 2022
edited

Cherry pick of #112017 on release-1.22.

#112017: exec auth: support TLS config caching

For details on the cherry pick process, see the cherry pick requests page.

Fix an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by kubectl while exec auth was in use.

@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone Sep 8, 2022
@k8s-ci-robot k8s-ci-robot added do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Sep 8, 2022
@k8s-ci-robot k8s-ci-robot added sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Sep 8, 2022
@liggitt
Copy link
Member

liggitt commented Sep 8, 2022

Unit test failure is legitimate

@k8s-ci-robot k8s-ci-robot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Sep 9, 2022
@enj
Copy link
Member Author

enj commented Sep 9, 2022

/kind bug
/triage accepted

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Sep 9, 2022
@enj
Copy link
Member Author

enj commented Sep 9, 2022

/priority important-soon

@k8s-ci-robot k8s-ci-robot added priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Sep 9, 2022
@enj
client-go exec: make sure round tripper can be unwrapped
02b0b8d 
Signed-off-by: Monis Khan <mok@vmware.com>
@enj
exec auth: support TLS config caching
b1b8578 
This change updates the transport.Config .Dial and .TLS.GetCert fields
to use a struct wrapper.  This indirection via a pointer allows the
functions to be compared and thus makes them valid to use as map keys.
This change is then leveraged by the existing global exec auth and TLS
config caches to return the same authenticator and TLS config even when
distinct but identical rest configs were used to create distinct
clientsets.

Signed-off-by: Monis Khan <mok@microsoft.com>
@enj enj force-pushed the automated-cherry-pick-of-#112017-upstream-release-1.22 branch from c59216b to b1b8578 Compare September 9, 2022 00:18
@enj
Copy link
Member Author

enj commented Sep 9, 2022

Unit test failure is legitimate

I cherry picked #106014 which should fix the test failure.

@enj
Copy link
Member Author

enj commented Sep 9, 2022

/retest

Unrelated failure.

@liggitt
Copy link
Member

liggitt commented Sep 9, 2022

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Sep 9, 2022
@liggitt
Copy link
Member

liggitt commented Sep 9, 2022

cc @kubernetes/release-managers

@liggitt
Copy link
Member

liggitt commented Sep 9, 2022

From https://github.com/kubernetes/website/blob/main/content/en/releases/patch-releases.md#122:

Next patch release is 1.22.14. Since 1.22 is in maintenance mode, this patch release may not be shipped. For more information, see the Support Period policy above.

This PR is a good reason to ship 1.22.14, in my opinion. It fixes a rare but impactful issue in client-go and kubectl encountered when using exec auth plugins, which are GA in 1.22

@saschagrunert saschagrunert added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. and removed do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. labels Sep 9, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enj, liggitt, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit c400c8b into kubernetes:release-1.22 Sep 9, 2022
@enj enj deleted the automated-cherry-pick-of-#112017-upstream-release-1.22 branch June 23, 2023 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saschagrunert saschagrunert saschagrunert approved these changes

@smarterclayton smarterclayton Awaiting requested review from smarterclayton

@wojtek-t wojtek-t Awaiting requested review from wojtek-t

Assignees

@liggitt liggitt

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
v1.22
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@enj @liggitt @k8s-ci-robot @saschagrunert