Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cache bundles in node handler #1350

Merged
merged 4 commits into from
Jan 24, 2020
Merged

Cache bundles in node handler #1350

merged 4 commits into from
Jan 24, 2020

Conversation

azdagron
Copy link
Member

@azdagron azdagron commented Jan 22, 2020
edited
Loading

The node API FetchX509SVID RPC is called aggressively by agents. One of the responsibilities is to fetch bundle information for the agents. This results in large QPS on the database for a resource that does not change frequently. This change introduces a small bundle cache to the node
handler with one second invalidation.

Fixes #1342

@azdagron
Cache bundles in node handler
b873d0f 
The node API FetchX509SVID RPC is called aggressively by agents. One of
the responsibilities is to fetch bundle information for the agents. This
results in large QPS on the database for a resource that does not change
frequently. This change introduces a small bundle cache to the node
handler with one second invalidation.

Bundle caching has an impact on the smallest rotatable SVID TTL since it
influences how fast a prepared but unactivated CA certificate is
propogated. In normal usage scenarios, the SVID TTLs should be large
enough that there should be no practical impact. However, the rotation
integration test, which is very tightly coupled with rotation
timing, needed a small bump in CA and SVID TTLs to accomodate the caching.

Signed-off-by: Andrew Harding <azdagron@gmail.com>
@azdagron
set bundle via ds directly on cache test
3ef8ea4 
Signed-off-by: Andrew Harding <azdagron@gmail.com>
@azdagron
revert changes to integration test
a953ee7 
Signed-off-by: Andrew Harding <azdagron@gmail.com>
evan2645
evan2645 approved these changes Jan 24, 2020
View reviewed changes
Copy link
Member

@evan2645 evan2645 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice!

@azdagron azdagron merged commit adbeb11 into spiffe:master Jan 24, 2020
@azdagron azdagron mentioned this pull request Jan 30, 2020
Closed
@azdagron azdagron mentioned this pull request Feb 28, 2020
Closed
@evan2645 evan2645 mentioned this pull request Feb 28, 2020
Merged
@azdagron azdagron deleted the cache-bundles-in-node-handler branch April 16, 2020 22:55
@marcosy marcosy mentioned this pull request Jul 28, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@evan2645 evan2645 evan2645 approved these changes

@amartinezfayo amartinezfayo Awaiting requested review from amartinezfayo

@APTy APTy Awaiting requested review from APTy

@marcosy marcosy Awaiting requested review from marcosy

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feature-request: cache CA bundle in the server
2 participants
@azdagron @evan2645