-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
agent: add disable_keep_alives configurable #16479
Conversation
api/client.go
Outdated
c.config.modifyLock.Lock() | ||
defer c.config.modifyLock.Unlock() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This could be an RLock
@@ -507,10 +511,14 @@ func (c *AgentCommand) Run(args []string) int { | |||
return 1 | |||
} | |||
|
|||
if config.DisableIdleConnsAutoAuth { | |||
if config.DisableIdleConnsCaching { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did this change for proxyClient
, but not for the other clients?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was actually a bug I found, this should have been checking cache/proxy.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM; would be good to change that lock to an RLock though
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PR looks good aside from the locking comment that I left!
Follow up for hashicorp/vault#16479, which added support for `disable_keep_alives` This is used very similarly to `disable_idle_connections`, which was added in #366 This adds the `disable_keep_alives` setting into the injected agent's config, which can be specified per pod: ```yaml metadata: annotations: vault.hashicorp.com/agent-disable-keep-alives: "auto-auth,caching,templating" ``` globally in the injector through the helm command when deploying: ```sh helm install vault hashicorp/vault \ --set injector.extraEnvironmentVars.AGENT_INJECT_DISABLE_KEEP_ALIVES="auto-auth\,caching\,templating" ``` or through the helm `values.yaml` file: ```yaml injector: extraEnvironmentVars: AGENT_INJECT_DISABLE_KEEP_ALIVES: "auto-auth,caching,templating" ``` This was copied almost verbatim from #366, so thanks @tvoran :) Co-authored-by: Theron Voran <theron@hashicorp.com>
Support disable_keep_alives Follow up for hashicorp/vault#16479, which added support for `disable_keep_alives` This is used very similarly to `disable_idle_connections`, which was added in #366 This adds the `disable_keep_alives` setting into the injected agent's config, which can be specified per pod: ```yaml metadata: annotations: vault.hashicorp.com/agent-disable-keep-alives: "auto-auth,caching,templating" ``` globally in the injector through the helm command when deploying: ```sh helm install vault hashicorp/vault \ --set injector.extraEnvironmentVars.AGENT_INJECT_DISABLE_KEEP_ALIVES="auto-auth\,caching\,templating" ``` or through the helm `values.yaml` file: ```yaml injector: extraEnvironmentVars: AGENT_INJECT_DISABLE_KEEP_ALIVES: "auto-auth,caching,templating" ``` This was copied almost verbatim from #366, so thanks @tvoran :) Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Follow up for #15986.
This PR adds a new configurable,
disable_keep_alives
, which takes a string list to disable keep alives for various features in Vault Agent (auto-auth
,caching
andtemplating
).A small example can be found here: