-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add flags to configure LeaseDuration and RenewDeadline #385
Add flags to configure LeaseDuration and RenewDeadline #385
Conversation
Hi @jabdoa2. Thanks for your PR. I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Thanks, @jabdoa2! I think it makes sense to allow these values to be configured. WDYT? |
00d22f1
to
bdaf43d
Compare
done. |
/ok-to-test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the flags should be given a bit more context. The suggested flag names are consistent with the equivalent flags in cert-manager.
@@ -187,6 +194,14 @@ func (o *Options) addAppFlags(fs *pflag.FlagSet) { | |||
"readiness-probe-path", "/readyz", | |||
"HTTP path to expose the readiness probe server.") | |||
|
|||
fs.DurationVar(o.LeaseDuration, | |||
"lease-duration", time.Second*60, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's start with making these durations configurable without changing the defaults.
In another PR, we can increase these values and discuss if that makes sense there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok will change that. Those defaults are really bad though. Even very mainstream controller (i.e. nginx-ingress) increase this by default (nginx-ingress does 30s renew for example).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
Changes looks good to me. Can you try to figure out why CI is failing and squash commits, please @jabdoa2?
7fed76e
to
5896a4d
Compare
Test is fixed and commits are squashed. Should be good to go. |
cmd/trust-manager/app/app.go
Outdated
@@ -74,12 +75,16 @@ func NewCommand() *cobra.Command { | |||
eventBroadcaster.StartLogging(func(format string, args ...any) { mlog.V(3).Info(fmt.Sprintf(format, args...)) }) | |||
eventBroadcaster.StartRecordingToSink(&clientv1.EventSinkImpl{Interface: cl.CoreV1().Events("")}) | |||
|
|||
renewDeadline := time.Second * 10 | |||
leaseDuration := time.Second * 15 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While the tests are now green, we are not using the new flags. 😁 Can you try to fix this please, @jabdoa2?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ups. Left over from my tests. Will fix that. Sorry
Signed-off-by: Jan Kantert <jan-mpf@kantert.net> Co-authored-by: Erik Godding Boye <egboye@gmail.com>
5896a4d
to
f239b89
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, @jabdoa2! 🚀
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: erikgb The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This change will prevent trust-manager from restart looping when kube API server is (over-)loaded. Most kubernetes operators increase this value as the default (15s) is too low under load.