github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
k3s/cmd
History
Kubernetes Submit Queue 42adb9ef25 Merge pull request #50258 from liggitt/token-cache 
Automatic merge from submit-queue (batch tested with PRs 49488, 50407, 46105, 50456, 50258)

Enable caching successful token authentication

Resolves #50472

To support revocation of service account tokens, an etcd lookup of the token and service account is done by the token authenticator. Controllers that make dozens or hundreds of API calls per second (like the endpoints controller) cause this lookup to be done very frequently on the same objects.

This PR:
* Implements a cached token authenticator that conforms to the authenticator.Token interface
* Implements a union token authenticator (same approach as the union request authenticator, conforming to the authenticator.Token interface)
* Cleans up the auth chain construction to group all token authenticators (means we only do bearer and websocket header parsing once)
* Adds a 10-second TTL cache to successful token authentication

```release-note
API server authentication now caches successful bearer token authentication results for a few seconds.
```
 		2017-08-11 14:14:06 -07:00
..
clicheck Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
cloud-controller-manager Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
gendocs Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
genkubedocs Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
genman Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
genslateyaml Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
genswaggertypedocs Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
genutils Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
genyaml Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
gke-certificates-controller Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
hyperkube Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
importverifier Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
kube-apiserver Merge pull request #50258 from liggitt/token-cache 2017-08-11 14:14:06 -07:00
kube-controller-manager Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
kube-proxy Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
kubeadm Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
kubectl Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
kubelet Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
kubemark Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
linkcheck Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
mungedocs Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
BUILD Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
OWNERS Updated top level owners file to match new format 2017-01-19 11:29:16 -08:00