github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
52,952 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

8 Commits (a4996c99d44b7de2801b2a9690674ae61ad9fc13)

Author SHA1 Message Date
Kubernetes Submit Queue 42adb9ef25 Merge pull request #50258 from liggitt/token-cache 
Automatic merge from submit-queue (batch tested with PRs 49488, 50407, 46105, 50456, 50258)

Enable caching successful token authentication

Resolves #50472

To support revocation of service account tokens, an etcd lookup of the token and service account is done by the token authenticator. Controllers that make dozens or hundreds of API calls per second (like the endpoints controller) cause this lookup to be done very frequently on the same objects.

This PR:
* Implements a cached token authenticator that conforms to the authenticator.Token interface
* Implements a union token authenticator (same approach as the union request authenticator, conforming to the authenticator.Token interface)
* Cleans up the auth chain construction to group all token authenticators (means we only do bearer and websocket header parsing once)
* Adds a 10-second TTL cache to successful token authentication

```release-note
API server authentication now caches successful bearer token authentication results for a few seconds.
```
 2017-08-11 14:14:06 -07:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Jordan Liggitt 4fd8196cf5
Add union token authenticator 2017-08-09 23:37:04 -04:00
Jordan Liggitt 1670ba58d5
Add token cache component 2017-08-09 23:36:43 -04:00
Jordan Liggitt 06c49423ed
Generated files 2017-08-09 17:04:54 -04:00
Dr. Stefan Schimanski 3cb93f7269 Update generated files 2017-08-04 08:10:38 +02:00
Jeff Grafton 3579017b86 Run hack/update-bazel.sh to generate BUILD files 2017-08-02 18:33:25 -07:00