Commit Graph

6 Commits

Author SHA1 Message Date
Nic Cope
761f55c9e0 Use SHA256 sums to verify discovery cache integrity
This is a little more computationally expensive but reduces the
likelihood of a potentially malicious cache collision.

Signed-off-by: Nic Cope <nicc@rk0n.org>

Kubernetes-commit: c5957c284e1d23bdadc98fbbe2bb481fc1f345d4
2022-07-26 23:51:01 -07:00
Nic Cope
735524f850 Use sha256 to sanitize discovery HTTP cache keys
This helps avoid (potentially malicious) collisions when reading and
writing cache data.

Signed-off-by: Nic Cope <nicc@rk0n.org>

Kubernetes-commit: 288a17fd337c65cb5aea44e44ecb74e9cb8088f5
2022-07-14 14:11:33 -07:00
Nic Cope
1ea239faa5 Use checksums instead of fsyncs to manage discovery cache corruption
Part of the API discovery cache uses an HTTP RoundTripper that
transparently caches responses to disk. The upstream implementation of
the disk cache is hard coded to call Sync() on every file it writes.
This has noticeably poor performance on modern Macs, which ask their disk
controllers to flush all the way to persistent storage because Go uses
the `F_FULLFSYNC` fcntl. Apple recommends minimizing this behaviour in
order to avoid degrading performance and increasing disk wear.

The content of the discovery cache is not critical; it is indeed just a
cache and can be recreated by hitting the API servers' discovery
endpoints. This commit replaces upstream httpcache's diskcache
implementation with a similar implementation that can use CRC-32
checksums to detect corrupted cache entries at read-time. When such an
entry is detected (e.g. because it was only partially flushed to
permanent storage before the host lost power) the cache will report a
miss. This causes httpcache to fall back to its underlying HTTP
transport (i.e. the real API server) and re-cache the resulting value.

Apart from adding CRC-32 checksums and avoiding calling fsync this
implementation differs from upstream httpcache's diskcache package in
that it uses FNV-32a hashes rather than MD5 hashes of cache keys in
order to generate filenames.

Signed-off-by: Nic Cope <nicc@rk0n.org>

Kubernetes-commit: 7a2c6a432f9e8db8b84abe5607843429f8bff417
2022-06-28 19:15:49 -07:00
Davanum Srinivas
75fea27a27 switch over k/k to use klog v2
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5
2020-04-17 15:25:06 -04:00
Yucheng Wu
790a4f6363 fix CVE-2019-11244: kubectl --http-cache=<world-accessible dir> creates world-writeable cached schema files
Kubernetes-commit: f228ae3364729caed59087e23c42868454bc3ff4
2019-05-14 14:49:38 +08:00
Chao Xu
9e44a08cb1 Moved memory-cached and disk-cached discovery to their own packages
Kubernetes-commit: 6666049898f93932655fef24f807bc4d6e439fc6
2018-12-19 13:32:56 -08:00