1952001 – Delegated authentication: reduce the number of watch requests

Bug 1952001 - Delegated authentication: reduce the number of watch requests

Summary: Delegated authentication: reduce the number of watch requests

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Target Release:	4.8.0
Assignee:	Jacob Tanenbaum
QA Contact:	zhaozhanqi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1948311
TreeView+	depends on / blocked

Reported:	2021-04-21 09:55 UTC by Lukasz Szaszkiewicz
Modified:	2021-07-27 23:02 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-07-27 23:02:20 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cluster-network-operator pull 1077	0	None	open	Bug 1952001: Updating api to reduce the number of watches	2021-04-28 17:40:22 UTC
Red Hat Product Errata	RHSA-2021:2438	0	None	None	None	2021-07-27 23:02:40 UTC

Description Lukasz Szaszkiewicz 2021-04-21 09:55:52 UTC

The cluster-network-operator repository uses the delegated authentication which has been identified to contain a bug that increases the number of watch requests against the Kube API server.

We provided a temporary branch that contains a fix and strongly recommend switching the repository to that branch. 

Please change k8s.io/apiserver to temporary-watch-reduction-patch-1.21 to pick up https://github.com/kubernetes/kubernetes/pull/101102

Feel free to remove it once the upstream PR merges and a new Z release is cut.


The improvement is significant. For example, after the fix, we reduced the number of watch requests from 1248 to 26 for the kube-apiserver-operator.

Please have a look at https://github.com/openshift/cluster-kube-apiserver-operator/pull/1110 for instructions on how to use the branch with the fix.

Comment 6 zhaozhanqi 2021-05-11 08:07:33 UTC

Verified this on 4.8.0-0.nightly-2021-05-11-025533

Comment 9 errata-xmlrpc 2021-07-27 23:02:20 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438

Note You need to log in before you can comment on or make changes to this bug.