Question on usefulness of RestartOnSecretRefresh #47
Labels
dependencies
Pull requests that update a dependency file
github_actions
Pull requests that update GitHub Actions code
go
Pull requests that update Go code
Milestone
Comments
srenatus
added
dependencies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Follow up to #44, it appears that 4842e47 added the RestartOnSecretRefresh, which restarts the process (
os.Exit(0)) every timerefreshCerts()is called, to update theSecret.That said, Kubernetes typically takes ~up to 1 minute delivering the secret to kubelet (easily reproducible on minikube, or kind, or a GKE cluster) with default kubelet configurations.
Since the delivery of updated
Secretto the Pod is not instant (or even a duration that can be considered quick), what makes theos.Exit(0)useful if the kubelet will still serve the old Secret upon the restart?cc: @stijndehaes
The text was updated successfully, but these errors were encountered: