Merge pull request kubernetes#96037 from zshihang/jitter
add a jitter to bound token renewal
k8s-ci-robot authored Oct 30, 2020
2 parents 3d62aad + 96fb07d commit e9294c4
Showing 1 changed file with 8 additions and 5 deletions.
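--- a/pkg/kubelet/token/token_manager.go
+++ b/pkg/kubelet/token/token_manager.go
@@ -22,6 +22,7 @@ import (
 "context"
 "errors"
 "fmt"
+"math/rand"
 "sync"
 "time"
 
@@ -36,8 +37,9 @@ import (
 )
 
 const (
-maxTTL = 24 * time.Hour
-gcPeriod = time.Minute
+maxTTL = 24 * time.Hour
+gcPeriod = time.Minute
+maxJitter = 10 * time.Second
 )
 
 // NewManager returns a new token manager.
@@ -177,11 +179,12 @@ func (m *Manager) requiresRefresh(tr *authenticationv1.TokenRequest) bool {
 exp := tr.Status.ExpirationTimestamp.Time
 iat := exp.Add(-1 * time.Duration(*tr.Spec.ExpirationSeconds) * time.Second)
 
-if now.After(iat.Add(maxTTL)) {
+jitter := time.Duration(rand.Float64()*maxJitter.Seconds()) * time.Second
+if now.After(iat.Add(maxTTL - jitter)) {
 return true
 }
-// Require a refresh if within 20% of the TTL from the expiration time.
-if now.After(exp.Add(-1 * time.Duration((*tr.Spec.ExpirationSeconds*20)/100) * time.Second)) {
+// Require a refresh if within 20% of the TTL plus a jitter from the expiration time.
+if now.After(exp.Add(-1*time.Duration((*tr.Spec.ExpirationSeconds*20)/100)*time.Second - jitter)) {
 return true
 }
 return false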
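Review bot: In `requiresRefresh`, `time.Duration(rand.Float64()*maxJitter.Seconds())` truncates to a whole number before it is multiplied by `time.Second`, so the jitter only ever takes the ten values 0s–9s and gives no sub-second spread; `jitter := time.Duration(rand.Int63n(int64(maxJitter)))` draws uniformly over the full range. The jitter is also re-drawn on every call rather than fixed per token, so the effective renewal point depends on how often the caller polls, which deserves a short comment if it is intended. `math/rand` is appropriate because the value only de-synchronises renewals and is not a secret, but the spread across nodes presumably relies on the global source being seeded elsewhere in the process, which this diff does not show; a comment such as `// jitter only moves the refresh earlier, never past expiry; math/rand is fine here, the value is not a secret` would record both facts. The start of the function, including where `now` is set, lies outside the hunk.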
