Add flags to configure LeaseDuration and RenewDeadline #385
Conversation
cert-manager-prow
bot
added
dco-signoff: yes
|
Hi @jabdoa2. Thanks for your PR. I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
cert-manager-prow
bot
added
the
size/XS
|
Thanks, @jabdoa2! I think it makes sense to allow these values to be configured. WDYT? |
jabdoa2
force-pushed
the
robust_leader_election
branch
from
00d22f1
to
bdaf43d
Compare
done. |
cert-manager-prow
bot
added
size/S
|
/ok-to-test |
cert-manager-prow
bot
added
ok-to-test
and removed
needs-ok-to-test
inteon
changed the title
inteon
changed the title
| @@ -187,6 +194,14 @@ func (o *Options) addAppFlags(fs *pflag.FlagSet) { | |||
| "readiness-probe-path", "/readyz", | |||
| "HTTP path to expose the readiness probe server.") | |||
|
|
|||
| fs.DurationVar(o.LeaseDuration, | |||
| "lease-duration", time.Second*60, | |||
There was a problem hiding this comment.
Let's start with making these durations configurable without changing the defaults.
In another PR, we can increase these values and discuss if that makes sense there.
There was a problem hiding this comment.
Ok will change that. Those defaults are really bad though. Even very mainstream controller (i.e. nginx-ingress) increase this by default (nginx-ingress does 30s renew for example).
cert-manager-prow
bot
added
the
approved
jabdoa2
force-pushed
the
robust_leader_election
branch
from
7fed76e
to
5896a4d
Compare
Test is fixed and commits are squashed. Should be good to go. |
cmd/trust-manager/app/app.go
Outdated
| @@ -74,12 +75,16 @@ func NewCommand() *cobra.Command { | |||
| eventBroadcaster.StartLogging(func(format string, args ...any) { mlog.V(3).Info(fmt.Sprintf(format, args...)) }) | |||
| eventBroadcaster.StartRecordingToSink(&clientv1.EventSinkImpl{Interface: cl.CoreV1().Events("")}) | |||
|
|
|||
| renewDeadline := time.Second * 10 | |||
| leaseDuration := time.Second * 15 | |||
There was a problem hiding this comment.
While the tests are now green, we are not using the new flags. 😁 Can you try to fix this please, @jabdoa2?
There was a problem hiding this comment.
Ups. Left over from my tests. Will fix that. Sorry
Signed-off-by: Jan Kantert <jan-mpf@kantert.net> Co-authored-by: Erik Godding Boye <egboye@gmail.com>
jabdoa2
force-pushed
the
robust_leader_election
branch
from
5896a4d
to
f239b89
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: erikgb The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This change will prevent trust-manager from restart looping when kube API server is (over-)loaded. Most kubernetes operators increase this value as the default (15s) is too low under load.