Skip to content

webhook: enhance certwatcher for atomicity and serialization#1360

Open
black-dragon74 wants to merge 1 commit intokubernetes-csi:masterfrom
black-dragon74:enh-certwatcher
Open

webhook: enhance certwatcher for atomicity and serialization#1360
black-dragon74 wants to merge 1 commit intokubernetes-csi:masterfrom
black-dragon74:enh-certwatcher

Conversation

@black-dragon74
Copy link
Contributor

@black-dragon74 black-dragon74 commented Jan 8, 2026

What type of PR is this?
/kind feature

What this PR does / why we need it:
This patch includes a set of enhancements to the certwatcher, being:

  • Use sync.RWMutex to avoid serialization bottlenecks
  • Watch the parent directory instead of the actual files (fsnotify watches inodes).
    • This takes care of the atomic writes by editors such as vi which rename a temp file instead of writing to it.
  • Makes ReadCertificate private as it will always be called internally.

Special notes for your reviewer:
NA

Does this PR introduce a user-facing change?:

NONE

@black-dragon74
webhook: enhance certwatcher for atomicity and serialization
38d7b28 
This patch includes a set of enhancements to the certwatcher, being:

- Use `sync.RWMutex` to avoid serialization bottlenecks
- Watch the parent directory instead of the actual files (fsnotify
  watches inodes).
  - This takes care of the atomic writes by editors such as `vi`.

Signed-off-by: Niraj Yadav <[email protected]>
@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/feature Categorizes issue or PR as related to a new feature. labels Jan 8, 2026
@k8s-ci-robot k8s-ci-robot requested a review from jingxu97 January 8, 2026 10:53
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jan 8, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: black-dragon74
Once this PR has been reviewed and has the lgtm label, please assign saad-ali for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot requested a review from xing-yang January 8, 2026 10:53
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jan 8, 2026
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jan 8, 2026

Hi @black-dragon74. Thanks for your PR.

I'm waiting for a kubernetes-csi member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jan 8, 2026
@black-dragon74
Copy link
Contributor Author

black-dragon74 commented Jan 8, 2026

/ok-to-test

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jan 8, 2026

@black-dragon74: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

Details

In response to this:

/ok-to-test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@Rakshith-R
Copy link
Contributor

Rakshith-R commented Jan 8, 2026

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jan 8, 2026
@Rakshith-R
Copy link
Contributor

Rakshith-R commented Jan 8, 2026

/ok-to-test

@black-dragon74
Copy link
Contributor Author

black-dragon74 commented Jan 13, 2026

/assign @xing-yang

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jingxu97 jingxu97 Awaiting requested review from jingxu97

@xing-yang xing-yang Awaiting requested review from xing-yang

Assignees

@xing-yang xing-yang

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@black-dragon74 @k8s-ci-robot @Rakshith-R @xing-yang