Parameterize config watcher loop speed #1232
Conversation
|
Thank you for the PR, @connorkuehl Currently multus thin_entrypoint assumes that Kubeconfig is not updated by deployment because this modification might be reverted again when cert is rotated. Hence thin_entrypoint supports only 'generated Kubeconfig without mody out-of-band' and thin_entrypoint does not support 'Kubeconfig with modify out-of-band'. |
|
@s1061123 Ha, yeah, I was trying to test the Kubeconfig regeneration when the service account token changes but I couldn't figure out how to manually rotate the service account token, so I figured I could test by mutating the Kubeconfig and making sure that it did regenerate properly. If I drop that patch, would you still consider the patch that parameterizes how quickly the loop executes? |
connorkuehl
changed the title
|
@s1061123 I dropped the kubeconfig hashing patch. Would you be willing to consider the remaining patch for controlling how quickly the loop spins? |
|
can we keep the default second wait? if we'd like to we can update the sample daemonset to include the minute long wait also let's update the docs/how-to-use.md and/or docs/configuration.md to reflect the option as well |
Sure thing! I've pushed a new revision setting the default value to 1 second and also added to the how-to-use.md. Thanks for the review 🙂 |
|
Thanks, @dougbtv! It looks like the CI failure is unrelated to the PR. Would you mind retriggering it? edit: rebased |
This loop spins really quickly otherwise. This will allow cluster operators to choose how quickly the thin plugin reconciles the kubeconfig in the event of a stale service account token. Signed-off-by: Connor Kuehl <[email protected]>
This loop spins really quickly otherwise. This will allow cluster operators to choose how quickly the thin plugin reconciles the kubeconfig in the event of a stale service account token. BUG: k8snetworkplumbingwg#1232 Signed-off-by: Connor Kuehl <[email protected]> Signed-off-by: Chris Chiu <[email protected]>
This loop spins really quickly otherwise. This will allow cluster operators to choose how quickly the thin plugin reconciles the kubeconfig in the event of a stale service account token. BUG: k8snetworkplumbingwg#1232 Signed-off-by: Connor Kuehl <[email protected]> Signed-off-by: Chris Chiu <[email protected]>
This loop spins really quickly otherwise. This will allow cluster operators to choose how quickly the thin plugin reconciles the kubeconfig in the event of a stale service account token. BUG: k8snetworkplumbingwg#1232 Signed-off-by: Connor Kuehl <[email protected]> Signed-off-by: Chris Chiu <[email protected]>
This loop spins really quickly otherwise. This will allow cluster operators to choose how quickly the thin plugin reconciles the kubeconfig in the event of a stale service account token.