scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-03 19:58:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

csr signers: increase the number of workers

Browse Source 
This change updates the number of workers that the CSR signing
controllers use.  If a large number of certificates (especially
short lived ones) are approved at the same time, it can take the
signing controllers a long time to process them serially.  The
NewCSRSigningController logic is already go routine safe.

Signed-off-by: Monis Khan <mok@vmware.com>
This commit is contained in:
Monis Khan
2021-02-24 14:53:47 -05:00
parent 6235ad8c74
commit 343a3d1882
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cmd/kube-controller-manager/app/certificates.go
View File

@@ -57,7 +57,7 @@ func startCSRSigningController(ctx ControllerContext) (http.Handler, bool, error
if err != nil { if err != nil {
return nil, false, fmt.Errorf("failed to start kubernetes.io/kubelet-serving certificate controller: %v", err) return nil, false, fmt.Errorf("failed to start kubernetes.io/kubelet-serving certificate controller: %v", err)
} }
go kubeletServingSigner.Run(1, ctx.Stop) go kubeletServingSigner.Run(5, ctx.Stop)
} else { } else {
klog.V(2).Infof("skipping CSR signer controller %q because specific files were specified for other signers and not this one.", "kubernetes.io/kubelet-serving") klog.V(2).Infof("skipping CSR signer controller %q because specific files were specified for other signers and not this one.", "kubernetes.io/kubelet-serving")
} }
@@ -67,7 +67,7 @@ func startCSRSigningController(ctx ControllerContext) (http.Handler, bool, error
if err != nil { if err != nil {
return nil, false, fmt.Errorf("failed to start kubernetes.io/kube-apiserver-client-kubelet certificate controller: %v", err) return nil, false, fmt.Errorf("failed to start kubernetes.io/kube-apiserver-client-kubelet certificate controller: %v", err)
} }
go kubeletClientSigner.Run(1, ctx.Stop) go kubeletClientSigner.Run(5, ctx.Stop)
} else { } else {
klog.V(2).Infof("skipping CSR signer controller %q because specific files were specified for other signers and not this one.", "kubernetes.io/kube-apiserver-client-kubelet") klog.V(2).Infof("skipping CSR signer controller %q because specific files were specified for other signers and not this one.", "kubernetes.io/kube-apiserver-client-kubelet")
} }
@@ -77,7 +77,7 @@ func startCSRSigningController(ctx ControllerContext) (http.Handler, bool, error
if err != nil { if err != nil {
return nil, false, fmt.Errorf("failed to start kubernetes.io/kube-apiserver-client certificate controller: %v", err) return nil, false, fmt.Errorf("failed to start kubernetes.io/kube-apiserver-client certificate controller: %v", err)
} }
go kubeAPIServerClientSigner.Run(1, ctx.Stop) go kubeAPIServerClientSigner.Run(5, ctx.Stop)
} else { } else {
klog.V(2).Infof("skipping CSR signer controller %q because specific files were specified for other signers and not this one.", "kubernetes.io/kube-apiserver-client") klog.V(2).Infof("skipping CSR signer controller %q because specific files were specified for other signers and not this one.", "kubernetes.io/kube-apiserver-client")
} }
@@ -87,7 +87,7 @@ func startCSRSigningController(ctx ControllerContext) (http.Handler, bool, error
if err != nil { if err != nil {
return nil, false, fmt.Errorf("failed to start kubernetes.io/legacy-unknown certificate controller: %v", err) return nil, false, fmt.Errorf("failed to start kubernetes.io/legacy-unknown certificate controller: %v", err)
} }
go legacyUnknownSigner.Run(1, ctx.Stop) go legacyUnknownSigner.Run(5, ctx.Stop)
} else { } else {
klog.V(2).Infof("skipping CSR signer controller %q because specific files were specified for other signers and not this one.", "kubernetes.io/legacy-unknown") klog.V(2).Infof("skipping CSR signer controller %q because specific files were specified for other signers and not this one.", "kubernetes.io/legacy-unknown")
} }
@@ -176,7 +176,7 @@ func startCSRApprovingController(ctx ControllerContext) (http.Handler, bool, err
ctx.ClientBuilder.ClientOrDie("certificate-controller"), ctx.ClientBuilder.ClientOrDie("certificate-controller"),
ctx.InformerFactory.Certificates().V1().CertificateSigningRequests(), ctx.InformerFactory.Certificates().V1().CertificateSigningRequests(),
) )
go approver.Run(1, ctx.Stop) go approver.Run(5, ctx.Stop)
return nil, true, nil return nil, true, nil
} }