Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go-client: Use httpcache client for all requests, even though only openapi returns ETags for caching #47353

Merged
merged 4 commits into from
Aug 5, 2017
Merged

go-client: Use httpcache client for all requests, even though only openapi returns ETags for caching #47353

merged 4 commits into from
Aug 5, 2017

Conversation

apelisse
Copy link
Member

@apelisse apelisse commented Jun 12, 2017
edited
Loading

What this PR does / why we need it: Use HTTP ETag for caching Swagger spec download

This also adds a new command-line flag "cachedir" to specify where the cache should keep its file. It defaults to $HOME/.kube/http-cache.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): partly #38637

Special notes for your reviewer:
Because this adds a bunch of dependencies, and removes a couple of files, I do recommend reading each commit individually.

Release note:

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jun 12, 2017
@k8s-github-robot k8s-github-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. release-note-label-needed labels Jun 12, 2017
@apelisse
Copy link
Member Author

/release-note

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-label-needed labels Jun 12, 2017
@mbohlool
Copy link
Contributor

/lgtm

Don't you think keeping "add dependency" commit separate (not squashing) is cleaner?

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 13, 2017
@apelisse
Copy link
Member Author

Don't you think keeping "add dependency" commit separate (not squashing) is cleaner?

I don't have a super strong opinion, I'll reword the commit.

@k8s-github-robot k8s-github-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 23, 2017
@apelisse apelisse force-pushed the http-cache branch 2 times, most recently from d33ec70 to b4d5af8 Compare July 5, 2017 20:27
@k8s-github-robot k8s-github-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Jul 5, 2017
@pwittrock
Copy link
Member

/assign @shiywang

@apelisse
Copy link
Member Author

I found why the tests are broken, the httpcache dependency has a bug with infinite streams (and that happens for watch for example). I've submitted a patch on that library, will report when we have news.

@apelisse apelisse added the do-not-merge DEPRECATED. Indicates that a PR should not merge. Label can only be manually applied/removed. label Jul 11, 2017
@k8s-github-robot k8s-github-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Jul 17, 2017
@k8s-github-robot k8s-github-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 28, 2017
@apelisse apelisse force-pushed the http-cache branch 2 times, most recently from 3c596b0 to 2f6e7b8 Compare July 28, 2017 15:36
@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: apelisse, mbohlool, pwittrock, thockin

Associated issue: 38637

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 4, 2017
@apelisse
Copy link
Member Author

apelisse commented Aug 5, 2017

/retest

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit fc89743 into kubernetes:master Aug 5, 2017
@smarterclayton
Copy link
Contributor

This broke kubectl proxy in #49534 - disabling the cache transport makes it work. It's possible that the kubectl proxy is reusing a cache with this code. Either way, we need to understand why kubectl proxy broke. This was definitely client side (I tested with an older server that doesn't have the change) so it's not related to anything server side.

I'm concerned about the implications of this change and the cache always being present, given that it is a potentially large change to behavior of kubectl. I do not like that multiple instances of kubectl running at the same time with different kubeconfigs could overlap. Has that been explicitly tested?

@smarterclayton smarterclayton mentioned this pull request Aug 6, 2017
Merged
@smarterclayton
Copy link
Contributor

It's also possible the cache transport is not upgrade aware, and that the negotiation is being intercepted somehow.

liggitt
liggitt reviewed Aug 7, 2017
View reviewed changes
staging/src/k8s.io/client-go/transport/round_trippers.go
@@ -56,6 +59,9 @@ func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTrip
len(config.Impersonate.Extra) > 0 {
rt = NewImpersonatingRoundTripper(config.Impersonate, rt)
}
if len(config.CacheDir) > 0 {
rt = NewCacheRoundTripper(config.CacheDir, rt)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a really significant change. Wrapping the whole transport affects every aspect of the clients, for streaming, spdy, etc. Given that we immediately saw issues with this for websocket use, I think we should revert this until the wrapping transports are more thoroughly reviewed, or we can scope this to just the discovery/openapi endpoints for now.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this also results in all get/list resources getting persisted to disk:

$ kubectl get secrets

NAME                  TYPE                                  DATA      AGE
default-token-gqj6t   kubernetes.io/service-account-token   3         13m

$ more .kube/http-cache/499e4e6a4f2a2b827ce93a2349098106

HTTP/2.0 200 OK
Content-Length: 3680
Content-Type: application/json
Date: Mon, 07 Aug 2017 00:54:25 GMT

{"kind":"SecretList","apiVersion":"v1","metadata":{"selfLink":"/api/v1/namespaces/default/secrets","resourceVersion":"1105"},"items":[{"metadata":{"name":"default-token-gqj6t"...

liggitt
liggitt reviewed Aug 7, 2017
View reviewed changes
staging/src/k8s.io/client-go/tools/clientcmd/client_config.go
// DefaultClientConfig represents the legacy behavior of this package for defaulting
// DEPRECATED will be replace
DefaultClientConfig = DirectClientConfig{*clientcmdapi.NewConfig(), "", &ConfigOverrides{
ClusterDefaults: ClusterDefaults,
CacheDir: cacheDirDefault,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this get set as the default for clients that get built from a kubeconfig (for example, the controller manager and kubelet)? If so, this needs more vetting than if it just affected kubectl

@liggitt
Copy link
Member

liggitt commented Aug 7, 2017
edited
Loading

it also looks like the disk cache component is not safe to use from multiple processes (it doesn't use atomic fs operations), and can leave partially written responses in the cache (if writeStreamWithLock encounters an error while copying the stream, it leaves the file with the partial written response in the cache dir, and returns it as if it were a successful response to future requests)

@smarterclayton
Copy link
Contributor

smarterclayton commented Aug 7, 2017 via email

@liggitt liggitt mentioned this pull request Aug 7, 2017
Merged
@liggitt liggitt added release-note-none Denotes a PR that doesn't merit a release note. and removed release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Aug 7, 2017
liggitt added a commit to liggitt/kubernetes that referenced this pull request Aug 7, 2017
@liggitt
Revert "Merge pull request kubernetes#47353 from apelisse/http-cache"
4ee72eb 
This reverts commit fc89743, reversing
changes made to 29ab38e.
k8s-github-robot pushed a commit that referenced this pull request Aug 8, 2017
Merge pull request #50254 from liggitt/revert-disk-cache
187e6ab 
Automatic merge from submit-queue (batch tested with PRs 50254, 50174, 50179)

Revert "Merge pull request #47353 from apelisse/http-cache"

Some issues were discovered with the caching merged in #47353:
* uses a disk-based cache that is not safe between processes (does not use atomic fs operations)
* writes get/list responses to disk that should not be cached (like `kubectl get secrets`)
* is vulnerable to partially written cache responses being used as responses to future requests
* breaks uses of the client transport that make use of websockets
* defaults to enabling the cache for any client builder using RecommendedConfigOverrideFlags or DefaultClientConfig which affects more components than just kubectl

This reverts commit fc89743, reversing changes made to 29ab38e.
apelisse pushed a commit to apelisse/kubernetes that referenced this pull request Aug 17, 2017
Revert "Revert "Merge pull request kubernetes#47353 from apelisse/htt…
f2cf6e6 
…p-cache""

This reverts commit 4ee72eb.
apelisse pushed a commit to apelisse/kubernetes that referenced this pull request Aug 18, 2017
Revert "Revert "Merge pull request kubernetes#47353 from apelisse/htt…
73e5ecf 
…p-cache""

This reverts commit 4ee72eb.
apelisse pushed a commit to apelisse/kubernetes that referenced this pull request Aug 23, 2017
Revert "Revert "Merge pull request kubernetes#47353 from apelisse/htt…
891e9ce 
…p-cache""

This reverts commit 4ee72eb.
apelisse pushed a commit to apelisse/kubernetes that referenced this pull request Aug 23, 2017
Revert "Revert "Merge pull request kubernetes#47353 from apelisse/htt…
0062f0f 
…p-cache""

This reverts commit 4ee72eb.
apelisse pushed a commit to apelisse/kubernetes that referenced this pull request Aug 25, 2017
Revert "Revert "Merge pull request kubernetes#47353 from apelisse/htt…
332b681 
…p-cache""

This reverts commit 4ee72eb.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pwittrock pwittrock pwittrock left review comments

@caesarxuchao caesarxuchao caesarxuchao left review comments

@liggitt liggitt liggitt left review comments

@ironcladlou ironcladlou ironcladlou left review comments

Assignees

@thockin thockin

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.