Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deployed pods try to start before ManagedSecrets finish unsealing #11

Open
tsutsu opened this issue Feb 4, 2021 · 0 comments
Open

Deployed pods try to start before ManagedSecrets finish unsealing #11

tsutsu opened this issue Feb 4, 2021 · 0 comments
Labels
bug Something isn't working

Comments

@tsutsu
Copy link
Member

tsutsu commented Feb 4, 2021

This causes them to stall for several seconds at startup (bad for Recreate update-strategy Deployments.) This latency could be reduced if we waited for the Secret to exist (which takes much less time, maybe a few hundred milliseconds) before deploying the new Deployment.

After we fix #9, we can ensure that any ManagedSecrets are pulled out into their own "phase", after the "setup" phase that includes the CRDs, but before the phase that includes the Deployments.

  • With the ManagedSecret phase, it's not enough to wait for the secrets themselves to deploy; we must watch for the unsealed Secrets to be created. Then we can proceed with the next phase.
@tsutsu tsutsu added the bug Something isn't working label Feb 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tsutsu and others