Skip to content

Fix memory leak issue by implementing an LRU cache for AWS credentials. #1825

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dlorenc wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix memory leak issue by implementing an LRU cache for AWS credentials. #1825

dlorenc wants to merge 1 commit into from

Conversation

@dlorenc
Copy link
Member

@dlorenc dlorenc commented Apr 20, 2025

Summary

Try to fix #1820

Release Note

Documentation

@codecov
Copy link

codecov bot commented Apr 20, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 86.07595% with 11 lines in your changes missing coverage. Please review.
✅ Project coverage is 31.17%. Comparing base (ea54b96) to head (873b812).
⚠️ Report is 22 commits behind head on main.

Files with missing lines Patch % Lines
pkg/webhook/registryauth/bounded_cache.go 91.17% 6 Missing ⚠️
pkg/webhook/registryauth/registryauth.go 54.54% 4 Missing and 1 partial ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##             main    #1825       +/-   ##
===========================================
- Coverage   42.78%   31.17%   -11.61%     
===========================================
  Files         121      123        +2     
  Lines        8994     9151      +157     
===========================================
- Hits         3848     2853      -995     
- Misses       4791     6065     +1274     
+ Partials      355      233      -122

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dlorenc dlorenc force-pushed the mem branch 2 times, most recently from 959c391 to c02ff67 Compare April 21, 2025 00:36
hectorj2f
hectorj2f previously approved these changes Apr 21, 2025
View reviewed changes
@cpanato
Copy link
Member

cpanato commented Apr 21, 2025

@dlorenc one lint error otherwise lgtm

cpanato
cpanato requested changes Apr 21, 2025
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lint error

@hectorj2f hectorj2f force-pushed the mem branch 2 times, most recently from 23bf9c0 to 9518491 Compare April 30, 2025 12:57
@cpanato cpanato force-pushed the mem branch 3 times, most recently from f059b50 to 9cf55f9 Compare May 9, 2025 13:09
@dlorenc dlorenc force-pushed the mem branch 6 times, most recently from 732b765 to 4d1b718 Compare July 28, 2025 02:11
@dlorenc
Fix memory leak issue by implementing an LRU cache for AWS credentials
873b812 
This change prevents unbounded memory growth in long-running processes
by implementing a bounded LRU cache for ECR credentials with the following features:

- Bounded cache size (default: 100 entries) to prevent memory leaks
- TTL-based expiration (default: 6 hours) to ensure credential freshness
- Thread-safe operations for concurrent access
- Graceful fallback to unbounded cache if bounded cache creation fails
- Comprehensive test coverage including unit and integration tests

The implementation uses hashicorp/golang-lru/v2 for the LRU cache and wraps
the existing ECR credential helper to maintain compatibility while adding
memory safety.

Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cpanato cpanato cpanato requested changes

@hectorj2f hectorj2f hectorj2f left review comments

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Memory Leak on EKS Clusters

3 participants

@dlorenc @cpanato @hectorj2f