Parameterize config watcher loop speed #1232
Conversation
|
Thank you for the PR, @connorkuehl Currently multus thin_entrypoint assumes that Kubeconfig is not updated by deployment because this modification might be reverted again when cert is rotated. Hence thin_entrypoint supports only 'generated Kubeconfig without mody out-of-band' and thin_entrypoint does not support 'Kubeconfig with modify out-of-band'. |
|
@s1061123 Ha, yeah, I was trying to test the Kubeconfig regeneration when the service account token changes but I couldn't figure out how to manually rotate the service account token, so I figured I could test by mutating the Kubeconfig and making sure that it did regenerate properly. If I drop that patch, would you still consider the patch that parameterizes how quickly the loop executes? |
connorkuehl
force-pushed
the
stale-kubeconfig-hash
branch
from
3a13761
to
9d5b8e4
Compare
connorkuehl
changed the title
|
@s1061123 I dropped the kubeconfig hashing patch. Would you be willing to consider the remaining patch for controlling how quickly the loop spins? |
|
can we keep the default second wait? if we'd like to we can update the sample daemonset to include the minute long wait also let's update the docs/how-to-use.md and/or docs/configuration.md to reflect the option as well |
connorkuehl
force-pushed
the
stale-kubeconfig-hash
branch
from
9d5b8e4
to
1303bec
Compare
Sure thing! I've pushed a new revision setting the default value to 1 second and also added to the how-to-use.md. Thanks for the review 🙂 |
|
Thanks, @dougbtv! It looks like the CI failure is unrelated to the PR. Would you mind retriggering it? edit: rebased |
This loop spins really quickly otherwise. This will allow cluster operators to choose how quickly the thin plugin reconciles the kubeconfig in the event of a stale service account token. Signed-off-by: Connor Kuehl <[email protected]>
connorkuehl
force-pushed
the
stale-kubeconfig-hash
branch
from
1303bec
to
d2d1bb2
Compare
This loop spins really quickly otherwise. This will allow cluster operators to choose how quickly the thin plugin reconciles the kubeconfig in the event of a stale service account token.