Reduce the amount of authentication requests #1077

@devigned

/kind feature

Describe the solution you'd like
For every reconciliation, CAPZ will completely rebuild the cluster Authorizer and with it, cause a request to Azure Active Directory to procure a new JWT which will then be used to authenticate to Azure. You can see the POST in the Jaeger output below.

[Image: capz-auth-overhead]

Azure Active Directory generally responds in about 80ms - 200ms, but this is overhead for every reconcile cycle. It adds up. Also, it's not very friendly to Azure Active Directory.

I think we can use the work in #1067, specifically, the Authorizer.Hash() and the time to live least recently used cache to create a safe and efficient mechanism to reuse Authorizers across reconcile cycles.
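One way the reuse proposed above could look, as an added example that is not CAPZ code or the work in #1067: tokens are cached under a hash of every credential field and expire after a fixed TTL, so a rotated secret or a different tenant always triggers a fresh request. `Creds`, `Cache`, `NewCache` and `Get` are hypothetical names, the `Hash` method here only stands in for the `Authorizer.Hash()` mentioned above, and a plain string stands in for the Authorizer and its JWT.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sync"
	"time"
)

// Creds is a hypothetical stand-in for the inputs an Authorizer is built from.
type Creds struct{ TenantID, ClientID, Secret string }

// Hash covers every field, so a rotated secret or another tenant gets its own entry.
func (c Creds) Hash() string {
	s := fmt.Sprintf("%q|%q|%q", c.TenantID, c.ClientID, c.Secret)
	return fmt.Sprintf("%x", sha256.Sum256([]byte(s)))
}

type entry struct {
	token   string
	expires time.Time
}

// Cache reuses tokens for at most ttl; now is injectable so expiry is testable.
type Cache struct {
	mu    sync.Mutex
	ttl   time.Duration
	now   func() time.Time
	items map[string]entry
}

func NewCache(ttl time.Duration, now func() time.Time) *Cache {
	return &Cache{ttl: ttl, now: now, items: map[string]entry{}}
}

// Get returns the cached token, calling fetch only on a miss or after expiry.
func (c *Cache) Get(cr Creds, fetch func() string) string {
	c.mu.Lock()
	defer c.mu.Unlock()
	k, t := cr.Hash(), c.now()
	if e, ok := c.items[k]; ok && t.Before(e.expires) {
		return e.token
	}
	c.items[k] = entry{fetch(), t.Add(c.ttl)} // fixed expiry, never extended on reads
	return c.items[k].token
}

func main() {
	fmt.Println(NewCache(time.Minute, time.Now).Get(Creds{"t", "c", "s"}, func() string { return "constructed" }))
}
```

The TTL should stay below the lifetime of the tokens being cached, since an entry is served until its fixed expiry regardless of how often it is read.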

Labels: kind/feature, needs-triage, priority/important-longterm, size/L

Status: Done