Skip to content

Question on usefulness of RestartOnSecretRefresh #47

New issue
New issue
Open
Open
Question on usefulness of RestartOnSecretRefresh#47
Labels
dependenciesPull requests that update a dependency filegithub_actionsPull requests that update GitHub Actions codegoPull requests that update Go code
Milestone
Allow Setting Cert Validity Duration
@ahmetb

Description

@ahmetb
ahmetb
opened on Sep 21, 2022

Follow up to #44, it appears that 4842e47 added the RestartOnSecretRefresh, which restarts the process (os.Exit(0)) every time refreshCerts() is called, to update the Secret.

That said, Kubernetes typically takes ~up to 1 minute delivering the secret to kubelet (easily reproducible on minikube, or kind, or a GKE cluster) with default kubelet configurations.

Since the delivery of updated Secret to the Pod is not instant (or even a duration that can be considered quick), what makes the os.Exit(0) useful if the kubelet will still serve the old Secret upon the restart?

cc: @stijndehaes

Metadata

Metadata

Assignees

No one assigned

    Labels

    dependenciesPull requests that update a dependency filegithub_actionsPull requests that update GitHub Actions codegoPull requests that update Go code

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions