Change default value for allowance of outdated encryption pools on running servers #3342
Assignees
Milestone
Comments
de-jcup
added a commit
that referenced
this issue
Aug 7, 2024
…ted-outdated-encryption-pool-default Changed default time for accepted outdated encryption pool entry #3342
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Situation
With
a default time of 10 seconds is defined as allowed period of time of outdated pools on running servers (startup is always terminated/never allow such a situation)
Problem: A K8s deployment can take a longer time - if the server just exits K8s could restart same (old SecHub) image again . 10 seconds are never a good default time for this.
Wanted
We want to ensure that per default a K8s deployment will always work
Solution
We setup the default to 30 Minutes.
Remark: it is not problematic that we take a long time here. The shutdown of the outdated servers and the corresponding time setup is only necessary to provide an ensured point in time where all cluster members MUST be in sync to have the possibility to do an auto cleanup and remove unused encryption pool entries without any race conditions. It is okay if old servers create jobs with older encryption pool entries in the meanwhile.
The text was updated successfully, but these errors were encountered: