github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-09 21:21:14 +00:00
Code Issues Projects Releases Wiki Activity

DelegatingAuthenticationOptions TokenReview request timeout

Browse Source 
it turns out that setting a timeout on HTTP client affect watch requests made by the delegated authentication component.
with a 10 second timeout watch requests are being re-established exactly after 10 seconds even though the default request timeout for them is ~5 minutes.

this is because if multiple timeouts were set, the stdlib picks the smaller timeout to be applied, leaving other useless.
for more details see a937729c2c/src/net/http/client.go (L364)

instead of setting a timeout on the HTTP client we should use context for cancellation.
This commit is contained in:
Lukasz Szaszkiewicz
2021-04-09 13:20:51 +02:00
parent 5c5aa98215
commit d690d71d27
7 changed files with 42 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/kube-controller-manager/app/options/options_test.go
View File

@@ -414,7 +414,7 @@ func TestAddFlags(t *testing.T) {
}).WithLoopback(),
Authentication: &apiserveroptions.DelegatingAuthenticationOptions{
CacheTTL: 10 * time.Second,
ClientTimeout: 10 * time.Second,
TokenRequestTimeout: 10 * time.Second,
WebhookRetryBackoff: apiserveroptions.DefaultAuthWebhookRetryBackoff(),
ClientCert: apiserveroptions.ClientCertAuthenticationOptions{},
RequestHeader: apiserveroptions.RequestHeaderAuthenticationOptions{