Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changes to improve reliability of token monitor #5597

Closed
wants to merge 6 commits into from
Closed

Changes to improve reliability of token monitor #5597

wants to merge 6 commits into from

Conversation

caseydavenport
Copy link
Member

@caseydavenport caseydavenport commented Feb 9, 2022
edited
Loading

Description

We've seen a few issues where it looks like our token monitor isn't spotting that the token changes. This is meant to try to improve the reliability of the monitor by:

  • Monitoring files direcly, in addition to the directory
  • Adding a backstop in the form of a periodic resync.

Related issues/PRs

Related to #4857

Todos

  • Tests
  • Documentation
  • Release note

Release Note

Improve reliability of token monitor

@caseydavenport caseydavenport requested a review from a team as a code owner February 9, 2022 22:18
@marvin-tigera marvin-tigera added this to the Calico v3.23.0 milestone Feb 9, 2022
@marvin-tigera marvin-tigera added docs-pr-required Change is not yet documented release-note-required Change has user-facing impact (no matter how small) labels Feb 9, 2022
@caseydavenport caseydavenport added docs-not-required Docs not required for this change and removed docs-pr-required Change is not yet documented labels Feb 9, 2022
@marvin-tigera marvin-tigera removed release-note-required Change has user-facing impact (no matter how small) docs-not-required Docs not required for this change labels Apr 21, 2022
@caseydavenport caseydavenport deleted the more-robust-token-watch branch April 21, 2022 15:42
@caseydavenport caseydavenport restored the more-robust-token-watch branch April 21, 2022 15:42
@caseydavenport caseydavenport removed this from the Calico v3.24.0 milestone Apr 21, 2022
@hopefulwalker
Copy link

This improvement was released?
I hit the problem. I'm using two environment which build by the same ansible scripts.

  1. one installation, calico/node has logs about token refresh,
  2. the other one has no logs, so after 24 hours, the token was invalidated, I have to delete the pods(calico/node), it work again.
    I have no idea about how to solved it. and try to set CALICO_MANAGE_CNI=true.

@hopefulwalker
Copy link

My way to install calico is

  1. https://projectcalico.docs.tigera.io/getting-started/kubernetes/self-managed-onprem/onpremises
  2. kubectl apply manifests file: https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/calico.yaml
  3. That's it.
    Everything is fine, except the token monitor doesn't work.

@caseydavenport
Copy link
Member Author

We ended up going a different direction so the changes in this PR weren't needed. I'd recommend opening an issue to track discussion of the problems you're seeing in your cluster

@caseydavenport caseydavenport deleted the more-robust-token-watch branch July 30, 2024 20:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@caseydavenport @hopefulwalker @marvin-tigera