Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[branch/v9] Stop loading the enitre node set into memory per tsh ssh connection (#12014) #12573

Merged
merged 3 commits into from
May 12, 2022
Merged

[branch/v9] Stop loading the enitre node set into memory per tsh ssh connection (#12014) #12573

merged 3 commits into from
May 12, 2022

Conversation

rosstimothy
Copy link
Contributor

Backport

This will backport the following commits from master to branch/v9:

Questions ?

Please refer to the Backport tool documentation

@rosstimothy rosstimothy mentioned this pull request May 11, 2022
Merged
@github-actions github-actions bot added the tsh tsh - Teleport's command line tool for logging into nodes running Teleport. label May 11, 2022
@rosstimothy rosstimothy force-pushed the backport/branch/v9/pr-12014 branch 3 times, most recently from 97bd15c to 0ff9eed Compare May 11, 2022 19:59
@rosstimothy
Stop loading the enitre node set into memory per tsh ssh connection (#…
643afa1 
…12014)

* Prevent proxy from loading entire node set into memory more than once

When establishing a new session to a node, the proxy would load the
entire node set into memory in an attempt to find the matching host. For
smaller clusters this may not be that problematic. But on larger clusters,
loading >40k nodes into memory from the cache can be quite expensive.
This problem is compounded by the fact that it happened**per** session,
which could potentially cause the proxy to consume all available memory
and be OOM killed.

A new `NodeWatcher` is introduced which will maintain an in memory list
of all nodes per process. The watcher leverages the existing resource
watcher system and stores all nodes as types.Server, to eliminate the
cost incurred by unmarshalling the nodes from the cache. The `NodeWatcher`
provides a way to retrieve a filtered list of nodes in order to reduce the number
of copies made to only the matches.

(cherry picked from commit fa12352)
@rosstimothy rosstimothy force-pushed the backport/branch/v9/pr-12014 branch from 918a74e to 643afa1 Compare May 12, 2022 13:24
@rosstimothy rosstimothy enabled auto-merge (squash) May 12, 2022 14:40
@rosstimothy rosstimothy merged commit b911a8e into branch/v9 May 12, 2022
@webvictim webvictim mentioned this pull request Jun 8, 2022
Closed
@rosstimothy rosstimothy deleted the backport/branch/v9/pr-12014 branch July 6, 2022 21:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ibeckermayer ibeckermayer ibeckermayer approved these changes

@smallinsky smallinsky smallinsky approved these changes

Assignees
No one assigned
Labels
backport tsh tsh - Teleport's command line tool for logging into nodes running Teleport.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rosstimothy @ibeckermayer @smallinsky