-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
things david doesn't like #141
Comments
100% agree with all above except:
We never use the route until it is accepted and we explicitly set the host value. We also ignore any changes to that value - it is always
That code only exists to force a rollout on service CA rotation. Most of it could be moved to
I think this will naturally fallout as things are broken apart. The passing of state is mostly a by product of the state being available in one giant sync loop.
I do not understand exactly what you are saying. Tokens have no inactivity timeout by default since we do not hate our users.
Standa was having a hard time writing his first controller so I asked him to do the minimal work in the main loop to unblock Sally. But yeah, it needs to go. |
2019-12-10 update:
|
We have a gdoc splitting the work among other team members (only viewable if from Red Hat, sorry, community, not enough sharing options 😞 ) - https://docs.google.com/document/d/1S1o_K9CqQIwqnwL76PZczOaUCtznaH1K7eBX9CE0FOE/edit?usp=sharing |
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close |
@openshift-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Your route hasn't been accepted yet, so the kube-apiserver could end up forwarding to an endpoint that isn't you!
cluster-authentication-operator/pkg/operator2/operator.go
Lines 321 to 326 in 04eedbb
FooDegraded
for each control loop and allow the status union to combine them. It will make each condition write more obvious.handleAuthConfig
is outbound state. Move into a different sync loopFooDegraded
conditions.serviceCA, servingCert, err := c.handleServiceCA()
appears unnecessary. Directly depend on the key and the kubelet will properly put your pod into pending.accessTokenInactivityTimeoutSeconds
appears to be a default. why didn't you default it?handleOAuthConfig
appears to be an attempt at combining multiple different configobservers into a single loop. You do logically own all these things, but configobservation (even a single value) distinct from the main loop will give you working generations and logicaly separation you're lacking here.The text was updated successfully, but these errors were encountered: