djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ac9887afdc
ContainerImage.Pinniped/internal
History
Ryan Richard ca6c29e463 Fix deadlock during shutdown which prevented leader election cleanup 
Before this fix, the deadlock would prevent the leader pod from giving
up its lease, which would make it take several minutes for new pods to
be allowed to elect a new leader. During that time, no Pinniped
controllers could write to the Kube API, so important resources were not
being updated during that window. It would also make pod shutdown take
about 1 minute.

After this fix, the leader gives up its lease immediately, and pod
shutdown takes about 1 second. This improves restart/upgrade time and
also fixes the problem where there was no leader for several minutes
after a restart/upgrade.

The deadlock was between the post-start hook and the pre-shutdown hook.
The pre-shutdown hook blocked until a certain background goroutine in
the post-start hook finished, but that goroutine could not finish until
the pre-shutdown hook finished. Thus, they were both blocked, waiting
for each other infinitely. Eventually the process would be externally
killed.

This deadlock was most likely introduced by some change in Kube's
generic api server package related to how the many complex channels used
during server shutdown interact with each other, and was not noticed
when we upgraded to the version which introduced the change.
2023-09-20 16:54:24 -07:00
..
apiserviceref Use API service as owner ref for cluster scoped resources 2021-02-10 21:52:08 -05:00
authenticators Merge branch 'main' into dynamic_clients 2022-08-26 11:35:35 -07:00
celtransformer add celformer unit test demonstrating string regexp in CEL expressions 2023-09-13 12:31:00 -07:00
certauthority Reorganized FederationDomain packages to avoid circular dependency 2023-09-11 11:09:50 -07:00
clientcertissuer Reorganized FederationDomain packages to avoid circular dependency 2023-09-11 11:09:50 -07:00
clusterhost Update comments to indicate support for newer versions of Kubernetes 2023-08-29 15:40:52 -05:00
concierge Fix deadlock during shutdown which prevented leader election cleanup 2023-09-20 16:54:24 -07:00
config Use k8s.io/utils/ptr instead of k8s.io/utils/pointer, which is deprecated 2023-07-28 09:16:02 -05:00
constable Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
controller specify the container name when fetching keys from kube cert agent pod 2023-09-18 09:19:57 -07:00
controllerinit Upgrade the linter and fix all new linter warnings 2022-08-24 14:45:55 -07:00
controllerlib Fix deadlock during shutdown which prevented leader election cleanup 2023-09-20 16:54:24 -07:00
controllermanager Get tests to compile again and fix lint errors 2023-09-11 11:09:50 -07:00
crud Upgrade project Go dependencies 2022-12-14 08:47:16 -08:00
crypto Run 'go fix ./...' with go1.21.0 2023-09-06 14:52:01 -05:00
deploymentref Upgrade the linter and fix all new linter warnings 2022-08-24 14:45:55 -07:00
downward Upgrade the linter and fix all new linter warnings 2022-08-24 14:45:55 -07:00
dynamiccert Replace usages of deprecated funcs from the wait pkg 2023-05-10 11:41:11 -07:00
endpointaddr Add endpointaddr pkg for parsing host+port inputs. 2021-05-25 16:17:26 -05:00
execcredcache Inline and remove testutil.TempDir 2023-09-06 14:52:01 -05:00
federationdomain fix imports grouping in manager.go 2023-09-12 09:34:19 -07:00
fositestorage reorganize federation domain packages to be more intuitive 2023-09-11 11:11:52 -07:00
fositestoragei More adjustments based on PR feedback 2021-04-27 16:54:26 -07:00
groupsuffix Enhance Kube middleware to rewrite API group of ownerRefs on update verb 2022-09-21 21:30:44 -07:00
here Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
httputil Improve pod logs related to Supervisor TLS certificate problems 2023-09-11 09:13:21 -07:00
idtransform Make it possible to compare transformation pipelines in unit tests 2023-09-11 11:14:05 -07:00
kubeclient Ignore lint issues for deprecated Pool.Subjects() 2023-01-31 10:10:44 -06:00
leaderelection Fix deadlock during shutdown which prevented leader election cleanup 2023-09-20 16:54:24 -07:00
localuserauthenticator Upgrade the linter and fix all new linter warnings 2022-08-24 14:45:55 -07:00
mocks specify the container name when fetching keys from kube cert agent pod 2023-09-18 09:19:57 -07:00
net/phttp Update to github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2 2022-03-08 12:28:09 -08:00
oidcclientsecretstorage Upgrade project Go dependencies 2022-12-14 08:47:16 -08:00
ownerref Upgrade the linter and fix all new linter warnings 2022-08-24 14:45:55 -07:00
plog Adjust test expectations for compilation differences with 1.21 2023-09-06 14:52:01 -05:00
psession First draft of implementation of multiple IDPs support 2023-09-11 11:09:49 -07:00
pversion Split off helper function 2023-08-28 12:14:14 -05:00
registry Reorganized FederationDomain packages to avoid circular dependency 2023-09-11 11:09:50 -07:00
secret All controller unit tests should not cancel context until test is over 2021-03-04 17:26:01 -08:00
supervisor Fix deadlock during shutdown which prevented leader election cleanup 2023-09-20 16:54:24 -07:00
testutil add the IDP display name to the downstream ID token's sub claim 2023-09-11 11:15:40 -07:00
upstreamldap Fix conflicts caused from rebasing main into multiple IDPs branch 2023-09-11 11:15:40 -07:00
upstreamoidc reorganize federation domain packages to be more intuitive 2023-09-11 11:11:52 -07:00
valuelesscontext valuelesscontext: make unit tests more clear 2021-04-30 10:43:29 -04:00