Skip to content

Commit

Permalink
vault: do not reuse TCP connections (#486)
Browse files Browse the repository at this point in the history
This commit disables TCP connection reuse for Vault.
Apparently, TCP connections to Vault might hang if Vault
gets shutdown forcefully.

The downside of this commit is that KES has to re-open a new
TCP connection for every interaction with Vault. However,
KES should not rach out to Vault most of them time. Hence, this
change seems acceptable.

Signed-off-by: Andreas Auernhammer <[email protected]>
  • Loading branch information
aead authored Sep 11, 2024
1 parent 1da59a0 commit db17a10
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 5 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/go.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.22.5
go-version: 1.22.7
check-latest: true
id: go
- name: Check out code
Expand All @@ -34,7 +34,7 @@ jobs:
- name: "Set up Go"
uses: actions/setup-go@v5
with:
go-version: 1.22.5
go-version: 1.22.7
id: go
- name: Check out code
uses: actions/checkout@v4
Expand All @@ -54,7 +54,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.22.5
go-version: 1.22.7
check-latest: true
id: go
- name: Check out code
Expand All @@ -70,7 +70,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [1.21.12, 1.22.5]
go-version: [1.22.7, 1.23.1]
steps:
- name: Set up Go ${{ matrix.go-version }}
uses: actions/setup-go@v5
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.22.5
go-version: 1.22.7
check-latest: true
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
Expand Down
4 changes: 4 additions & 0 deletions internal/keystore/vault/vault.go
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,10 @@ func Connect(ctx context.Context, c *Config) (*Store, error) {
config.CloneTLSConfig = true // Required for status checks
config.CloneToken = true // Required for status checks
config.ConfigureTLS(tlsConfig)
if tr, ok := config.HttpClient.Transport.(*http.Transport); ok {
tr.DisableKeepAlives = true
tr.MaxIdleConnsPerHost = -1
}
vaultClient, err := vaultapi.NewClient(config)
if err != nil {
return nil, err
Expand Down

0 comments on commit db17a10

Please sign in to comment.