fix kubernetes waiting containers cache index #60284
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR resolves an issue with the Kubernetes ephemeral containers cache used by Kubernetes agents, where the keys used in the index and get methods did not match. This mismatch caused the get method to fail with not found error, preventing the debug container from being created. Signed-off-by: Tiago Silva <[email protected]>
rosstimothy
approved these changes
Oct 15, 2025
camscale
approved these changes
Oct 16, 2025
lib/cache/kube.go
Outdated
| map[kubeWaitingContainerIndex]func(*kubewaitingcontainerv1.KubernetesWaitingContainer) string{ | ||
| kubeWaitingContainerNameIndex: func(u *kubewaitingcontainerv1.KubernetesWaitingContainer) string { | ||
| return u.GetMetadata().GetName() | ||
| return u.GetSpec().GetUsername() + "/" + u.GetSpec().GetCluster() + "/" + u.GetSpec().GetNamespace() + "/" + u.GetSpec().GetPodName() + "/" + u.GetMetadata().GetName() |
There was a problem hiding this comment.
This same construction is done in two other places - ListKubernetesWaitingContainers() which is identical and GetKubernetesWaitingContainer() which constructs the cache key from a request and not a resource.
At the very least, can this be factored out into a separate function that is used here and in ListKubernetesWaitingContainers()? It would be nice if it could also be used by GetKubernetesWaitingContainer(), which something like this poorly named code snippet does:
type kubernetesWaitingContainerCacheKeyFieldGetter interface {
GetUsername() string
GetCluster() string
GetNamespace() string
GetPodName() string
}
func kubernetesWaitingContainerCacheKey(c kubernetesWaitingContainerCacheKeyFieldGetter, containerName string) string {
return c.GetUsername() + "/" + c.GetCluster() + "/" + c.GetNamespace() + "/" + c.GetPodName() + "/" + containerName
}
This would help prevent them diverging in future causing this issue again.
Then again, perhaps with the tests there now, this isn't necessary - if they do diverge again, the tests should pick it up.
public-teleport-github-review-bot
bot
removed the request for review
from fspmarshall
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR resolves an issue with the Kubernetes ephemeral containers cache used by Kubernetes agents, where the keys used in the index and get methods did not match.
This mismatch caused the get method to fail with not found error, preventing the debug container from being created.
Fixes #60283
Changelog: Fixed an issue that caused Kubernetes debug containers to fail with a “container not valid” error when launched by a user requiring moderated sessions.