Workaround: set long JWT token expiration #1155
@@ -168,6 +168,7 @@ func New(ctx context.Context, proc *servicectx.Process, tracer trace.Tracer, end | |||
Username: conf.username, // optional | |||
Password: conf.password, // optional | |||
Logger: etcdLogger, | |||
PermitWithoutStream: true, // always send keep-alive pings |
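Review bot: `PermitWithoutStream: true` is only applied by the etcd client when a keep-alive interval is configured, and no `DialKeepAliveTime` / `DialKeepAliveTimeout` is visible in the quoted lines; if they are not set above this hunk, the new field has no effect. The server has to tolerate these pings as well: a gRPC server whose keepalive enforcement policy does not permit pings without active streams may count them as strikes and close the connection with GOAWAY `too_many_pings`, so the chosen interval should be checked against the etcd server's `--grpc-keepalive-min-time` and its enforcement settings. I would make the dependency explicit in the comment, e.g. `// keep-alive pings even with no active stream; only effective when DialKeepAliveTime > 0`. The config literal and `New` begin and end outside the quoted hunk.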
Aby sa keep-alive requesty posielali stale, aj ked nie je este nastaveny ziaden watch.
ttl: 10m | ||
ttl: 10080m # temporary: https://github.com/etcd-io/etcd/pull/14995 |
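Review bot: Raising `ttl` from 10m to 10080m means an etcd auth token that leaks (through logs, a crash dump or a compromised pod) stays usable for up to seven days instead of ten minutes, and nothing on this line bounds how long the workaround remains deployed. The inline comment links the upstream PR but not the condition for reverting; I would make it actionable, e.g. `ttl: 10080m # TEMPORARY workaround for etcd-io/etcd#14995; restore 10m once the client recovers from token expiry`. While the long TTL is in place, rotating the JWT signing key referenced by `priv-key` is presumably the main way to invalidate tokens already issued, so it is worth confirming that rotation can be done quickly. The rest of the values file is outside the quoted lines.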
V etcd-client 3.5.6 sa pridavalo nejake watch retry, ked token expiroval, ... v 3.5.7 bol revert.
etcd-io/etcd#14995
My sme mali doteraz nastavene rotacie tokenu kazdych 10min.
Docasne to nastavujem na 7dni, kym sa mi to podari nastudovat, nasimulovat a vyriesit.
Vyzera to tak, ze worker sa po rotacii JWT tokenu nevie z toho dostat.
8ae70d8
to
e6da8d8
Templates API Kubernetes Diff [CI]Between Expand
--- /tmp/artifacts/test-k8s-state.old.json.processed.kv 2023-01-25 12:24:08.125034542 +0000
+++ /tmp/artifacts/test-k8s-state.new.json.processed.kv 2023-01-25 12:24:08.413036246 +0000
@@ -195 +195 @@
-<Deployment/templates-api>.spec.template.spec.containers[0].image = "docker.io/keboola/templates-api:3ef7c90";
+<Deployment/templates-api>.spec.template.spec.containers[0].image = "docker.io/keboola/templates-api:3dbce31";
@@ -707,3 +707,3 @@
-<Pod/templates-api-<hash>>.spec.containers[0].image = "docker.io/keboola/templates-api:3ef7c90";
-<Pod/templates-api-<hash>>.spec.containers[0].image = "docker.io/keboola/templates-api:3ef7c90";
-<Pod/templates-api-<hash>>.spec.containers[0].image = "docker.io/keboola/templates-api:3ef7c90";
+<Pod/templates-api-<hash>>.spec.containers[0].image = "docker.io/keboola/templates-api:3dbce31";
+<Pod/templates-api-<hash>>.spec.containers[0].image = "docker.io/keboola/templates-api:3dbce31";
+<Pod/templates-api-<hash>>.spec.containers[0].image = "docker.io/keboola/templates-api:3dbce31";
@@ -1080 +1080 @@
-<Pod/templates-api-etcd-0>.spec.containers[0].env[13].value = "jwt,priv-key=/opt/bitnami/etcd/certs/token/jwt-token.pem,sign-method=RS256,ttl=10...
+<Pod/templates-api-etcd-0>.spec.containers[0].env[13].value = "jwt,priv-key=/opt/bitnami/etcd/certs/token/jwt-token.pem,sign-method=RS256,ttl=10...
@@ -1364 +1364 @@
-<ReplicaSet/templates-api-<hash>>.spec.template.spec.containers[0].image = "docker.io/keboola/templates-api:3ef7c90";
+<ReplicaSet/templates-api-<hash>>.spec.template.spec.containers[0].image = "docker.io/keboola/templates-api:3dbce31";
@@ -1437,0 +1438,12 @@
+<Secret/sh.helm.release.v1.templates-api-etcd.v2> = {};
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.apiVersion = "v1";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.data = {};
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.kind = "Secret";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata = {};
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata.labels = {};
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata.labels.name = "templates-api-etcd";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata.labels.owner = "helm";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata.labels.version = "2";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata.name = "sh.helm.release.v1.templates-api-etcd.v2";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.metadata.namespace = "templates-api";
+<Secret/sh.helm.release.v1.templates-api-etcd.v2>.type = "helm.sh/release.v1";
@@ -1629 +1641 @@
-<StatefulSet/templates-api-etcd>.spec.template.spec.containers[0].env[13].value = "jwt,priv-key=/opt/bitnami/etcd/certs/token/jwt-token.pem,sign...
+<StatefulSet/templates-api-etcd>.spec.template.spec.containers[0].env[13].value = "jwt,priv-key=/opt/bitnami/etcd/certs/token/jwt-token.pem,sign...
(see artifacts in the Github Action for more information) |
Buffer Kubernetes Diff [CI]Between Expand
--- /tmp/artifacts/test-k8s-state.old.json.processed.kv 2023-01-25 12:29:06.871771363 +0000
+++ /tmp/artifacts/test-k8s-state.new.json.processed.kv 2023-01-25 12:29:07.151771150 +0000
@@ -210 +210 @@
-<Deployment/buffer-api>.spec.template.spec.containers[0].image = "docker.io/keboola/buffer-api:3ef7c90";
+<Deployment/buffer-api>.spec.template.spec.containers[0].image = "docker.io/keboola/buffer-api:3dbce31";
@@ -360 +360 @@
-<Deployment/buffer-worker>.spec.template.spec.containers[0].image = "docker.io/keboola/buffer-worker:3ef7c90";
+<Deployment/buffer-worker>.spec.template.spec.containers[0].image = "docker.io/keboola/buffer-worker:3dbce31";
@@ -423 +423 @@
-<Endpoints/buffer-etcd-headless>.subsets[0].addresses[0].hostname = "buffer-etcd-0";
+<Endpoints/buffer-etcd-headless>.subsets[0].addresses[0].hostname = "buffer-etcd-2";
@@ -427 +427 @@
-<Endpoints/buffer-etcd-headless>.subsets[0].addresses[0].targetRef.name = "buffer-etcd-0";
+<Endpoints/buffer-etcd-headless>.subsets[0].addresses[0].targetRef.name = "buffer-etcd-2";
@@ -437 +437 @@
-<Endpoints/buffer-etcd-headless>.subsets[0].addresses[2].hostname = "buffer-etcd-2";
+<Endpoints/buffer-etcd-headless>.subsets[0].addresses[2].hostname = "buffer-etcd-0";
@@ -441 +441 @@
-<Endpoints/buffer-etcd-headless>.subsets[0].addresses[2].targetRef.name = "buffer-etcd-2";
+<Endpoints/buffer-etcd-headless>.subsets[0].addresses[2].targetRef.name = "buffer-etcd-0";
@@ -472 +472 @@
-<Endpoints/buffer-etcd>.subsets[0].addresses[0].targetRef.name = "buffer-etcd-0";
+<Endpoints/buffer-etcd>.subsets[0].addresses[0].targetRef.name = "buffer-etcd-2";
@@ -484 +484 @@
-<Endpoints/buffer-etcd>.subsets[0].addresses[2].targetRef.name = "buffer-etcd-2";
+<Endpoints/buffer-etcd>.subsets[0].addresses[2].targetRef.name = "buffer-etcd-0";
@@ -811,2 +811,2 @@
-<Pod/buffer-api-<hash>>.spec.containers[0].image = "docker.io/keboola/buffer-api:3ef7c90";
-<Pod/buffer-api-<hash>>.spec.containers[0].image = "docker.io/keboola/buffer-api:3ef7c90";
+<Pod/buffer-api-<hash>>.spec.containers[0].image = "docker.io/keboola/buffer-api:3dbce31";
+<Pod/buffer-api-<hash>>.spec.containers[0].image = "docker.io/keboola/buffer-api:3dbce31";
@@ -1078 +1078 @@
-<Pod/buffer-etcd-0>.spec.containers[0].env[13].value = "jwt,priv-key=/opt/bitnami/etcd/certs/token/jwt-token.pem,sign-method=RS256,ttl=10m";...
+<Pod/buffer-etcd-0>.spec.containers[0].env[13].value = "jwt,priv-key=/opt/bitnami/etcd/certs/token/jwt-token.pem,sign-method=RS256,ttl=10080m";�...
@@ -1108 +1108 @@
-<Pod/buffer-etcd-0>.spec.containers[0].env[21].value = "new";
+<Pod/buffer-etcd-0>.spec.containers[0].env[21].value = "existing";
@@ -1315 +1315 @@
-<Pod/buffer-etcd-1>.spec.containers[0].env[13].value = "jwt,priv-key=/opt/bitnami/etcd/certs/token/jwt-token.pem,sign-method=RS256,ttl=10m";...
+<Pod/buffer-etcd-1>.spec.containers[0].env[13].value = "jwt,priv-key=/opt/bitnami/etcd/certs/token/jwt-token.pem,sign-method=RS256,ttl=10080m";�...
@@ -1345 +1345 @@
-<Pod/buffer-etcd-1>.spec.containers[0].env[21].value = "new";
+<Pod/buffer-etcd-1>.spec.containers[0].env[21].value = "existing";
@@ -1552 +1552 @@
-<Pod/buffer-etcd-2>.spec.containers[0].env[13].value = "jwt,priv-key=/opt/bitnami/etcd/certs/token/jwt-token.pem,sign-method=RS256,ttl=10m";...
+<Pod/buffer-etcd-2>.spec.containers[0].env[13].value = "jwt,priv-key=/opt/bitnami/etcd/certs/token/jwt-token.pem,sign-method=RS256,ttl=10080m";�...
@@ -1582 +1582 @@
-<Pod/buffer-etcd-2>.spec.containers[0].env[21].value = "new";
+<Pod/buffer-etcd-2>.spec.containers[0].env[21].value = "existing";
@@ -1894,2 +1894,2 @@
-<Pod/buffer-worker-<hash>>.spec.containers[0].image = "docker.io/keboola/buffer-worker:3ef7c90";
-<Pod/buffer-worker-<hash>>.spec.containers[0].image = "docker.io/keboola/buffer-worker:3ef7c90";
+<Pod/buffer-worker-<hash>>.spec.containers[0].image = "docker.io/keboola/buffer-worker:3dbce31";
+<Pod/buffer-worker-<hash>>.spec.containers[0].image = "docker.io/keboola/buffer-worker:3dbce31";
@@ -2163 +2163 @@
-<ReplicaSet/buffer-api-<hash>>.spec.template.spec.containers[0].image = "docker.io/keboola/buffer-api:3ef7c90";
+<ReplicaSet/buffer-api-<hash>>.spec.template.spec.containers[0].image = "docker.io/keboola/buffer-api:3dbce31";
@@ -2320 +2320 @@
-<ReplicaSet/buffer-worker-<hash>>.spec.template.spec.containers[0].image = "docker.io/keboola/buffer-worker:3ef7c90";
+<ReplicaSet/buffer-worker-<hash>>.spec.template.spec.containers[0].image = "docker.io/keboola/buffer-worker:3dbce31";
@@ -2378,0 +2379,12 @@
+<Secret/sh.helm.release.v1.buffer-etcd.v2> = {};
+<Secret/sh.helm.release.v1.buffer-etcd.v2>.apiVersion = "v1";
+<Secret/sh.helm.release.v1.buffer-etcd.v2>.data = {};
+<Secret/sh.helm.release.v1.buffer-etcd.v2>.kind = "Secret";
+<Secret/sh.helm.release.v1.buffer-etcd.v2>.metadata = {};
+<Secret/sh.helm.release.v1.buffer-etcd.v2>.metadata.labels = {};
+<Secret/sh.helm.release.v1.buffer-etcd.v2>.metadata.labels.name = "buffer-etcd";
+<Secret/sh.helm.release.v1.buffer-etcd.v2>.metadata.labels.owner = "helm";
+<Secret/sh.helm.release.v1.buffer-etcd.v2>.metadata.labels.version = "2";
+<Secret/sh.helm.release.v1.buffer-etcd.v2>.metadata.name = "sh.helm.release.v1.buffer-etcd.v2";
+<Secret/sh.helm.release.v1.buffer-etcd.v2>.metadata.namespace = "buffer";
+<Secret/sh.helm.release.v1.buffer-etcd.v2>.type = "helm.sh/release.v1";
@@ -2541 +2553 @@
-<StatefulSet/buffer-etcd>.spec.template.spec.containers[0].env[13].value = "jwt,priv-key=/opt/bitnami/etcd/certs/token/jwt-token.pem,sign-method...
+<StatefulSet/buffer-etcd>.spec.template.spec.containers[0].env[13].value = "jwt,priv-key=/opt/bitnami/etcd/certs/token/jwt-token.pem,sign-method...
@@ -2571 +2583 @@
-<StatefulSet/buffer-etcd>.spec.template.spec.containers[0].env[21].value = "new";
+<StatefulSet/buffer-etcd>.spec.template.spec.containers[0].env[21].value = "existing";
(see artifacts in the Github Action for more information) |
Changes: