Skip to content

filter_kubernetes: don't recycle connections in fetch_pod_service_map #11600

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
edsiper wants to merge 1 commit into
base: master
Choose a base branch
from
+5 −1
Open

filter_kubernetes: don't recycle connections in fetch_pod_service_map #11600

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion plugins/filter_kubernetes/kubernetes_aws.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
#include "fluent-bit/flb_http_client.h"
#include "fluent-bit/flb_filter_plugin.h"
#include "fluent-bit/flb_pack.h"
#include "fluent-bit/flb_upstream.h"
#include "fluent-bit/flb_upstream_conn.h"
/*
* If a file exists called service.map, load it and use it.
Expand Down Expand Up @@ -245,6 +246,7 @@ int fetch_pod_service_map(struct flb_kube *ctx, char *api_server_url,

if (!c) {
flb_error("[kubernetes] could not create HTTP client");
flb_upstream_conn_recycle(u_conn, FLB_FALSE);
flb_upstream_conn_release(u_conn);
flb_upstream_destroy(ctx->aws_pod_association_upstream);
flb_tls_destroy(ctx->aws_pod_association_tls);
Expand All @@ -265,6 +267,7 @@ int fetch_pod_service_map(struct flb_kube *ctx, char *api_server_url,
c->resp.payload);
}
flb_http_client_destroy(c);
flb_upstream_conn_recycle(u_conn, FLB_FALSE);
flb_upstream_conn_release(u_conn);
return -1;
}
Expand All @@ -276,8 +279,9 @@ int fetch_pod_service_map(struct flb_kube *ctx, char *api_server_url,
parse_pod_service_map(ctx, c->resp.payload, c->resp.payload_size, mutex);
}

/* Cleanup */
/* Cleanup - mark connection as non-recyclable to prevent memory leak */
flb_http_client_destroy(c);
flb_upstream_conn_recycle(u_conn, FLB_FALSE);
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Mar 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep successful pod-association fetches recyclable

When the pod-association endpoint rotates its mTLS certs, this line forces the very next refresh to open a new TLS session with the old in-memory ctx->aws_pod_association_tls object. That TLS context is only rebuilt in flb_kube_pod_association_init() (plugins/filter_kubernetes/kube_meta.c:2020-2045), and the surrounding comment in fetch_pod_service_map() (plugins/filter_kubernetes/kubernetes_aws.c:214-218) explicitly relies on reusing the existing connection until a failure triggers that rebuild. With recycle forced off after every 200 response, the first post-rotation refresh will fail and the pod/service map stays stale until the next refresh interval recreates the upstream.

Useful? React with 👍 / 👎.

flb_upstream_conn_release(u_conn);
}
return 0;
Expand Down
Loading