Make auth-webhook async
Bug #1927145 reported by
Cory Johns
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Kubernetes Control Plane Charm |
Fix Released
|
Critical
|
Cory Johns |
Bug Description
auth-webhook is currently a synchronous flask app managed by gunicorn and is threaded for as many threads as you have cores (up to 8). This is fine when we authn against local secrets/files, but threads can block if we reach out to an unavailable endpoint (keystone, custom addr, etc).
We should switch auth-webhook to an async model so we don't block all the threads if an external resource is unavailable:
Changed in charm-kubernetes-master: | |
status: | New → Triaged |
assignee: | nobody → Cory Johns (johnsca) |
importance: | Undecided → Medium |
status: | Triaged → In Progress |
Changed in charm-kubernetes-master: | |
importance: | Medium → Critical |
tags: | added: review-needed |
tags: | added: backport-needed |
To post a comment you must log in.
https:/ /github. com/charmed- kubernetes/ charm-kubernete s-master/ pull/156