Skip to content

fix(storage): cache the CollapseConfiguration read instead of doing it inside the write lock#343

Open
matthyx wants to merge 1 commit into
fix/lock-contention-fail-fastfrom
fix/collapseconfig-ttl-cache
Open

fix(storage): cache the CollapseConfiguration read instead of doing it inside the write lock#343
matthyx wants to merge 1 commit into
fix/lock-contention-fail-fastfrom
fix/collapseconfig-ttl-cache

Conversation

@matthyx

@matthyx matthyx commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Summary

  • PreSave calls CollapseSettings() on every non-time-series Create/Update, which in production resolves to NewCRDCollapseSettingsProvider doing an uncached storage Get against the single shared collapseconfigurations/default key.
  • Since PreSave runs inside s.locks.Lock(key), this disk read extended the exclusive critical section on every write — directly contributing to the lock-hold-time regression behind the ContainerProfile 504s.
  • Wraps the provider's Get in a 10s TTL cache: an atomic.Pointer holds the last resolved settings, refreshed under a mutex with a double-check so only one refresh runs per expiry.
  • Matches the provider's own already-documented tradeoff that next-deflate consistency isn't critical, so bounded staleness (≤10s) is an acceptable relaxation of strictly-fresh reads. No watch/informer wiring.

Context

Stacked on #342 (lock contention fail-fast). Part of a stack of independently-revertable fixes for the ContainerProfile 504 regression; see #342 for the shared root-cause context and validation methodology.

Test plan

  • go build ./..., go vet, gofmt clean
  • go test ./pkg/registry/file/... and -race variant pass (confirms lock-free TTL read path is race-clean)
  • New unit tests: cache-hit-within-TTL, refresh-after-expiry, missing-CR fallback

Co-Authored-By: Claude Sonnet 5 noreply@anthropic.com

@matthyx matthyx added the ai-assisted Created through Armosec AI tooling (armosec-shared-rules plugin) label Jul 3, 2026
@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 98407e96-39d3-4677-bb83-f3b05888a7cb

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/collapseconfig-ttl-cache

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR reduces lock hold time during writes by adding a small TTL cache around reading CollapseConfiguration/default from storage, so PreSave no longer performs an uncached storage Get while holding the per-key write lock.

Changes:

  • Add a 10s TTL cache (atomic pointer + mutex refresh) to NewCRDCollapseSettingsProvider to avoid repeated backing storage reads.
  • Update and expand unit tests to validate cache hit behavior, refresh after expiry, and live-update semantics under eventual consistency.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
pkg/registry/file/collapse_config_provider.go Wraps CRD-backed settings provider with an atomic+TTL cache to reduce read overhead during write-critical sections.
pkg/registry/file/collapse_config_provider_test.go Updates existing live-update test for TTL semantics and adds tests for cache-hit and refresh-after-expiry behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +100 to +112
return func() dynamicpathdetector.CollapseSettings {
if c := cache.Load(); c != nil && time.Now().Before(c.expiresAt) {
return c.settings
}
mu.Lock()
defer mu.Unlock()
if c := cache.Load(); c != nil && time.Now().Before(c.expiresAt) { // re-check under lock
return c.settings
}
settings := load()
cache.Store(&cachedCollapseSettings{settings: settings, expiresAt: time.Now().Add(collapseSettingsTTL)})
return settings
}
// duration of the test so it doesn't wait a real 10s.
func TestNewCRDCollapseSettingsProvider_LiveUpdate(t *testing.T) {
oldTTL := collapseSettingsTTL
collapseSettingsTTL = 5 * time.Millisecond
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

Summary:

  • License scan: failure
  • Credentials scan: failure
  • Vulnerabilities scan: failure
  • Unit test: success
  • Go linting: failure

…t inside the write lock

PreSave calls CollapseSettings() on every non-time-series Create/Update, which
in production resolves to NewCRDCollapseSettingsProvider doing an uncached
storage Get against the single shared collapseconfigurations/default key. Since
PreSave runs inside s.locks.Lock(key) (CreateWithConn/GuaranteedUpdateWithConn),
this disk read extended the exclusive critical section on every write, directly
contributing to the lock-hold-time regression behind the ContainerProfile 504s.

Wrap the provider's Get in a 10s TTL cache: an atomic.Pointer holds the last
resolved settings, refreshed under a mutex with a double-check so only one
refresh runs per expiry. Matches the provider's own already-documented
tradeoff that next-deflate consistency isn't critical, so bounded staleness
(<=10s) is an acceptable relaxation of strictly-fresh reads. No watch/informer
wiring — the CR changes rarely enough that TTL is sufficient and much smaller.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
@matthyx matthyx force-pushed the fix/collapseconfig-ttl-cache branch from e4149ee to 6abe45d Compare July 3, 2026 15:51
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

Summary:

  • License scan: failure
  • Credentials scan: failure
  • Vulnerabilities scan: failure
  • Unit test: success
  • Go linting: failure

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ai-assisted Created through Armosec AI tooling (armosec-shared-rules plugin)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants