mirror of https://github.com/k3s-io/k3s
4e3bbe3915
Automatic merge from submit-queue (batch tested with PRs 44364, 44361, 42498) Fix the certificate rotation threshold and add jitter. Adjusts the certificate rotation threshold to be fixed, with some jitter to spread out the load on the Certificate Signing Request API. The rotation threshold is fixed at 20% now, meaning when 20% of the certificate's total duration is remaining, the certificate manager will attempt to rotate, with jitter +/-10%. For certificates of duration 1 month that means they will rotate after 24 days, +/- 3 days. On a 6000 node cluster, assuming all nodes added at nearly the same time, this should result in 6000 nodes rotating spread over 6 days (total range of the jitter), or ~42 nodes / hour requesting new certificates. |
||
|---|---|---|
| .. | ||
| BUILD | ||
| certificate_manager.go | ||
| certificate_manager_test.go | ||
| certificate_store.go | ||
| certificate_store_test.go | ||