Don't hang forever if there is no role defined for a pod #28
Comments
It just occurred to me that it could also be solved by simply asking the API server if the pod has a role annotation in case it's not already in the roleByIP table. What do you think about that?
It won't hang forever but the defaults of the backoff algorithm are pretty long (15'): https://godoc.org/github.com/cenkalti/backoff#pkg-examples
The retry is there to avoid a race condition in case we haven't got the role data yet. I agree that the defaults are too long.
I would prefer that we change the values for the retry to a few seconds max rather than adding an API call. It's easy to do by configuring the backoff returned by
This makes the max interval and max elapsed time configurable for the exponential backoff used when getting a role based on source IP. The defaults are still the same e.g. 1 minute for MaxInterval and 15 minutes for the MaxElapsedTime. Fix jtblin#28
This makes the max interval and max elapsed time configurable for the exponential backoff used when getting a role based on source IP. The defaults are still the same e.g. 1 minute for MaxInterval and 15 minutes for the MaxElapsedTime. Fix #28 * Use sane max interval & max elapsed time defaults
This makes the max interval and max elapsed time configurable for the exponential backoff used when getting a role based on source IP. The defaults are still the same e.g. 1 minute for MaxInterval and 15 minutes for the MaxElapsedTime. Fix jtblin#28 * Use sane max interval & max elapsed time defaults
Currently a call to metadata from a pod without a role will hang forever because it retries to get the role from the IP indefinitely: https://github.com/jtblin/kube2iam/blob/master/cmd/server.go#L61-L66.
If the retry really is needed I think it would be better to limit it to X number of retries and then respond. Hanging the connection forever is not nice for the calling application.
I know this could be solved by setting a default role, but it should also work when no default role is defined IMO.
I wouldn't mind making a PR fixing this, but I would like your (@jtblin) opinion before I start, if you don't mind.
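The bounded retry discussed in this thread, as an added example that is not kube2iam's code and does not use the cenkalti/backoff library: the lookup still retries to cover the race where the role data has not arrived yet, but caps each wait and the total elapsed time, then returns an error the handler can answer with. The names `lookupRole` and `ErrNoRole`, the `sync.Map` table and the IP and role values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// ErrNoRole lets the HTTP handler respond instead of holding the connection open.
var ErrNoRole = errors.New("no role found for pod IP")

// lookupRole polls table (a hypothetical stand-in for the roleByIP table) with
// exponential backoff. Each wait is capped at maxInterval, and the lookup gives
// up as soon as the next wait would run past maxElapsed.
func lookupRole(table *sync.Map, ip string, initial, maxInterval, maxElapsed time.Duration) (string, error) {
	deadline := time.Now().Add(maxElapsed)
	for wait := initial; ; wait *= 2 {
		if v, ok := table.Load(ip); ok {
			return v.(string), nil
		}
		if wait > maxInterval {
			wait = maxInterval
		}
		if time.Now().Add(wait).After(deadline) {
			return "", ErrNoRole
		}
		time.Sleep(wait)
	}
}

func main() {
	var table sync.Map
	// Constructed race: the role for this pod IP arrives shortly after the request.
	go func() {
		time.Sleep(30 * time.Millisecond)
		table.Store("10.0.0.5", "app-role")
	}()
	fmt.Println(lookupRole(&table, "10.0.0.5", 10*time.Millisecond, 100*time.Millisecond, time.Second))
	// Constructed pod without a role: fails after the elapsed-time budget, not never.
	fmt.Println(lookupRole(&table, "10.0.0.9", 10*time.Millisecond, 100*time.Millisecond, 300*time.Millisecond))
}
```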