Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cache the result of TeleportProcess.GetRotation #50235

Merged
merged 1 commit into from
Dec 13, 2024
Merged

Cache the result of TeleportProcess.GetRotation #50235

merged 1 commit into from
Dec 13, 2024

Conversation

espadolini
Copy link
Contributor

Each "full" resource heartbeat (i.e. an "announce" or a fallback using the UpsertFooServer rpc directly) includes the rotation state of the agent, which is read from process storage every time. When Teleport is running in Kubernetes, as part of the teleport-kube-agent, the state in process storage is actually in a Kubernetes secret, which is read from the cluster's API server with a concurrency limit of 1. This causes severe slowdowns, to the point of making the agent unusable (and reporting unhealthy and unready), when a large amount of dynamic resources, such as apps, are changed - potentially as a result of changes in the automatic discovery settings, for example. This PR adds a TTL cache for the GetRotation call, making sure the cache is invalidated whenever the process writes a new state as part of a CA rotation.

changelog: improved the performance of Teleport agents serving a large number of resources in Kubernetes

@espadolini espadolini added this pull request to the merge queue Dec 13, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 13, 2024
@espadolini espadolini added this pull request to the merge queue Dec 13, 2024
Merged via the queue into master with commit e53815b Dec 13, 2024
42 of 43 checks passed
@espadolini espadolini deleted the espadolini/getrotation-fncache branch December 13, 2024 23:31
@public-teleport-github-review-bot
Copy link

@espadolini See the table below for backport results.

Branch Result
branch/v15 Create PR
branch/v16 Create PR
branch/v17 Create PR

This was referenced Dec 16, 2024
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rosstimothy rosstimothy rosstimothy approved these changes

@zmb3 zmb3 zmb3 approved these changes

@tigrato tigrato tigrato approved these changes

Assignees
No one assigned
Labels
backport/branch/v15 backport/branch/v16 backport/branch/v17 size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@espadolini @tigrato @zmb3 @rosstimothy