runtime: Replace DashMap with a locked AHashMap

[olix0r]

Motivation

The kube_runtime::reflector module pulls in dashmap, a concurrent
hashmap implementation. This implementation necessarily uses unsafe,
which can lead to safety/correctness/security issues (like
RUSTSEC-2022-02).

Solution

This change replaces dashmap with a RwLock<AHashMap<...>> using
parking_lot. parking_lot currently has greater than 10x the usage
(according to https://lib.rs) and is already used by existing
dependencies.

dashmap purports to be higher bandwidth and lower latency than a
simple parking_lot lock, but most kubernetes controllers should not
operate at the scale where these differences factor into application
performance. On the other hand, all users may be impacted by correctness
issues.

AHash is used to reduce contention incurred by hash latency. AHash
claims to be ~10x faster than the default hasher, while preserving DoS
resistance.

This change does not impact the public API in any way and it should not
impact users.

Fixes #781

[olix0r]

note that the old version would hash every resource 3x more. this should be notably faster when dealing with large sets of resources.

[clux]

Thanks a lot for this implementation. I think this looks great. Agree with rationale for picking it over dashmap, it's also used by tokio:

• reverse deps dashmap
• reverse deps parking_lot
• reverse deps ahash

I will probably have some time to test this out on a decent sized reflector next week to see some performance comparisons - as it would be good to have some base numbers. But am 👍 on this.

[clux]

Did a quick benchmark on a tool that is iterating over a bunch of objects and is trying to cross-reference owning pods with a reflector store in a cluster with ~1200 pods with a --release build. This is to check how fast it can do the read side of the store, because the store write side is bounded by kuberenetes api update/patch/replace calls (and those generally happen fairly infrequently much less frequently than how fast we can loop-read - at least not fast enough worth superoptimizing for).

pseudocode of benchmark:

cache = pod reflector
for p in api.list<PrometheusRule> {
  state = cache.state() // expensive step - time of this bench dominated by this
  // look for a pod in state with matching annotations to the prometheusrule (iterate over `state` - cheap-ish)
}

this only really checks the expensiveness of cache.state() - but hopefully this is sufficiently indicative of reads anyway it's using .iter() behind the scenes.

0.66.0 with current dashmap:

real	3m40s - 3m55s
user	3m20s - 3m35s
sys	0m0.9s - 0m0.4s

this branch with parking_lot:

real	3m49s - 3m52s 
user	3m27s - 3m33s
sys	0m0.4s - 0m0.5s

results of 2 runs. to me this looks like it does not make any meaningful difference on the read side.

[nightkr]

FWIW I don't believe either this or #446 are breaking? #446 is purely additive, and this is a transparent backend change.

[clux]

You mean regarding the changelog-change label? It's not reserved for only breaking changes - and i agree this isn't. But it's also not adding any new functionality.

[nightkr]

I was thinking more about the 0.67.0 milestone.

[nightkr]

And if changelog/change isn't only for breaking changes then what's the plan for keeping track of breakage?

[clux]

The milestone I'm just using as an experimental way to group everything together (rather than having to construct a compare url) - it doesn't imply anything in particular atm.

[clux]

if changelog/change isn't only for breaking changes then what's the plan for keeping track of breakage?

well, most changelog-changes would be breaking changes at some levels. few people here would argue that new dependencies are breaking, but we've put BREAKING on tiny changes before. pretty much everything we change can break something in one way or another.

it probably makes sense to mark especially breaking things worthy of highlighting in the manually written notes in CHANGELOG.md under UNRELEASED (which gets prepended to the release)?