From fb33b2f42a9621e65883c92a3cb49a278d14c6cc Mon Sep 17 00:00:00 2001
From: Mike Danese <mikedanese@google.com>
Date: Thu, 5 Dec 2019 08:48:15 -0800
Subject: [PATCH] increase LRU cache size 8x for authorization webhook

1024 seems absurdly small for any normal deployment. At our 10000 byte
entry size limit, this will consume max ~80 MB of memory. More realistic
entry sizes are going to be less than a kB.
---
 .../k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go b/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go
index 2a0678e8e3c..3839d483eea 100644
--- a/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go
@@ -95,7 +95,7 @@ func New(kubeConfigFile string, version string, authorizedTTL, unauthorizedTTL t
 func newWithBackoff(subjectAccessReview subjectAccessReviewer, authorizedTTL, unauthorizedTTL, initialBackoff time.Duration) (*WebhookAuthorizer, error) {
 	return &WebhookAuthorizer{
 		subjectAccessReview: subjectAccessReview,
-		responseCache:       cache.NewLRUExpireCache(1024),
+		responseCache:       cache.NewLRUExpireCache(8192),
 		authorizedTTL:       authorizedTTL,
 		unauthorizedTTL:     unauthorizedTTL,
 		initialBackoff:      initialBackoff,