feat(constants): add cert restart buffer for secret-operator

whg517 · Sep 12, 2024 · c9057b9 · c9057b9
1 parent 0d7bf10
commit c9057b9
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/pkg/constants/secret.go b/pkg/constants/secret.go
@@ -52,6 +52,12 @@ const (
  // golang time.Duration string, it will be used to create certificate expiration time.
  AnnotationSecretCertLifeTime string = secretAPIGroupPrefix + "autoTlsCertLifetime"
  AnnotationSecretsCertJitterFactor string = secretAPIGroupPrefix + "autoTlsCertJitterFactor"
+ // When a large number of Pods restart at a similar time,
+ // because the pod restart time is uncertain, the restart process may be relatively long,
+ // even if there is a time limit for elegant shutdown, there will still be a case of pod late restart
+ // resulting in certificate expiration.
+ // To avoid this, the pod expiration time is checked before this buffer time.
+ AnnotationSecretsCertRestartBuffer string = "secrets.zncdata.dev/" + "autoTlsCertRestartBuffer"
 
  // KerberosServiceNames is the list of Kerberos service names.
  // It is a comma separated list of Kerberos realms.