From 220cfdff913da71e7dcdda5736eadef0fd3a5d6b Mon Sep 17 00:00:00 2001
From: Wojciech Tyczynski
Date: Tue, 24 Jan 2017 15:24:24 +0100
Subject: [PATCH] Optimize secret manager to refresh secrets from apiserver cache
---
 pkg/kubelet/secret/BUILD | 1 +
 pkg/kubelet/secret/secret_manager.go | 10 +++++++++-
 pkg/kubelet/util/BUILD | 6 +++++-
 pkg/kubelet/util/util.go | 27 +++++++++++++++++++++++++++
 4 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 pkg/kubelet/util/util.go
diff --git a/pkg/kubelet/secret/BUILD b/pkg/kubelet/secret/BUILD
index 0f5ee43320e..3dd7ee097e1 100644
--- a/pkg/kubelet/secret/BUILD
+++ b/pkg/kubelet/secret/BUILD
@@ -32,6 +32,7 @@ go_library(
 deps = [
 "//pkg/api/v1:go_default_library",
 "//pkg/client/clientset_generated/clientset:go_default_library",
+ "//pkg/kubelet/util:go_default_library",
 "//pkg/storage/etcd:go_default_library",
 "//vendor:k8s.io/apimachinery/pkg/api/errors",
 "//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
diff --git a/pkg/kubelet/secret/secret_manager.go b/pkg/kubelet/secret/secret_manager.go
index be84d6f4f1a..2fb933da76b 100644
--- a/pkg/kubelet/secret/secret_manager.go
+++ b/pkg/kubelet/secret/secret_manager.go
@@ -23,6 +23,7 @@ import (
 "k8s.io/kubernetes/pkg/api/v1"
 clientset "k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
+ "k8s.io/kubernetes/pkg/kubelet/util"
 storageetcd "k8s.io/kubernetes/pkg/storage/etcd"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -169,7 +170,14 @@ func (s *secretStore) Get(namespace, name string) (*v1.Secret, error) {
 data.Lock()
 defer data.Unlock()
 if data.err != nil || !s.clock.Now().Before(data.lastUpdateTime.Add(s.ttl)) {
- secret, err := s.kubeClient.Core().Secrets(namespace).Get(name, metav1.GetOptions{})
+ opts := metav1.GetOptions{}
+ if data.secret != nil && data.err == nil {
+ // This is just a periodic refresh of a secret we successfully fetched previously.
+ // In this case, server data from apiserver cache to reduce the load on both
+ // etcd and apiserver (the cache is eventually consistent).
+ util.FromApiserverCache(&opts)
+ }
+ secret, err := s.kubeClient.Core().Secrets(namespace).Get(name, opts)
 // Update state, unless we got error different than "not-found".
 if err == nil || apierrors.IsNotFound(err) {
 // Ignore the update to the older version of a secret.
diff --git a/pkg/kubelet/util/BUILD b/pkg/kubelet/util/BUILD
index 45afd212aa4..9bb03c34afe 100644
--- a/pkg/kubelet/util/BUILD
+++ b/pkg/kubelet/util/BUILD
@@ -9,8 +9,12 @@ load(
 go_library(
 name = "go_default_library",
- srcs = ["doc.go"],
+ srcs = [
+ "doc.go",
+ "util.go",
+ ],
 tags = ["automanaged"],
+ deps = ["//vendor:k8s.io/apimachinery/pkg/apis/meta/v1"],
 )
 filegroup(
diff --git a/pkg/kubelet/util/util.go b/pkg/kubelet/util/util.go
new file mode 100644
index 00000000000..ba52058a10b
--- /dev/null
+++ b/pkg/kubelet/util/util.go
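Review bot: The new comment in the `if data.secret != nil && data.err == nil` branch of `Get` does not say what a cached read means for secret rotation: once `util.FromApiserverCache(&opts)` is applied, a pod can keep receiving the previous value for the TTL plus however far the apiserver cache lags behind etcd. The trailing context shows an "Ignore the update to the older version of a secret" check, which presumably covers a cache that is behind the copy already held, but that code lies outside the hunk and should be confirmed against this path. I would reword the middle of the comment to `// In this case, serve data from apiserver cache to reduce the load on both etcd and apiserver; the result may lag etcd, so a rotated or deleted secret can be observed late.`, which also fixes the "server data" typo. `Get`'s body starts before and continues past this hunk.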
@@ -0,0 +1,27 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// FromApiserverCache modifies so that the GET request will
+// be served from apiserver cache instead of from etcd.
+func FromApiserverCache(opts *metav1.GetOptions) {
+ opts.ResourceVersion = "0"
+}
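Review bot: The doc comment on `FromApiserverCache` is missing its object ("modifies so that") and says nothing about the consistency cost of setting `ResourceVersion = "0"`, which matters because the first caller in this patch reads Secrets. I would write `// FromApiserverCache modifies opts so that the GET request may be served from the apiserver cache instead of from etcd; the result can be stale, so use it only where eventual consistency is acceptable.` The helper also dereferences `opts` without a nil check and overwrites any ResourceVersion the caller had already set; both deserve a sentence in the comment so that later callers do not apply it to reads that must be current.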