Make auth-webhook async
Bug #1927145 reported by
Cory Johns
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Kubernetes Control Plane Charm |
Fix Released
|
Critical
|
Cory Johns | ||
Bug Description
auth-webhook is currently a synchronous flask app managed by gunicorn and is threaded for as many threads as you have cores (up to 8). This is fine when we authn against local secrets/files, but threads can block if we reach out to an unavailable endpoint (keystone, custom addr, etc).
We should switch auth-webhook to an async model so we don't block all the threads if an external resource is unavailable:
| Changed in charm-kubernetes-master: | |
| status: | New → Triaged |
| assignee: | nobody → Cory Johns (johnsca) |
| importance: | Undecided → Medium |
| status: | Triaged → In Progress |
Revision history for this message
| Cory Johns (johnsca) wrote | #1 |
| Changed in charm-kubernetes-master: | |
| importance: | Medium → Critical |
| tags: | added: review-needed |
| tags: | added: backport-needed |
Revision history for this message
| Cory Johns (johnsca) wrote | #2 |
| Changed in charm-kubernetes-master: | |
| milestone: | none → 1.21+ck2 |
| status: | In Progress → Fix Committed |
| tags: | removed: backport-needed review-needed |
Revision history for this message
| Cory Johns (johnsca) wrote | #3 |
| Changed in charm-kubernetes-master: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
https:/