Skip to content

Add periodic resync for secret-sync controller#42414

Merged
youngnick merged 1 commit intocilium:mainfrom
youngnick:add-secret-resync-interval
Dec 8, 2025
Merged

Add periodic resync for secret-sync controller#42414
youngnick merged 1 commit intocilium:mainfrom
youngnick:add-secret-resync-interval

Conversation

@youngnick
Copy link
Copy Markdown
Contributor

@youngnick youngnick commented Oct 27, 2025
edited
Loading

This commit adds a configurable setting that specifies how often the secret-sync process will resync all synchronized Secrets.

This setting defaults to 0, which means they will never be resynchronized. This is so there is no behavior change introduced.

This allows users who might sometimes see issues with the secret-sync process to be confident that secrets will be kept up to date.

operator: the K8s Secret synchronization process now resynchronizes after an hour for synced Secrets.

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Oct 27, 2025
@youngnick youngnick added the release-note/minor This PR changes functionality that users may find relevant to operating Cilium. label Oct 27, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Oct 27, 2025
@youngnick youngnick force-pushed the add-secret-resync-interval branch 7 times, most recently from a935b8f to 78387bc Compare November 3, 2025 03:56
@youngnick
Copy link
Copy Markdown
Contributor Author

youngnick commented Nov 3, 2025

/test

@youngnick youngnick marked this pull request as ready for review November 3, 2025 07:01
@youngnick youngnick requested review from a team as code owners November 3, 2025 07:01
mhofstetter
mhofstetter reviewed Nov 3, 2025
View reviewed changes
@mhofstetter mhofstetter added area/operator Impacts the cilium-operator component area/servicemesh GH issues or PRs regarding servicemesh kind/enhancement This would improve or streamline existing functionality. labels Nov 3, 2025
mhofstetter
mhofstetter reviewed Nov 3, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@mhofstetter mhofstetter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

btw: i suggest to update the release note a little bit (adding operator & k8s context - because we have more than this "secret sync")

The Secret synchronization process now has a configurable resynchronization period.
->
operator: the K8s Secret synchronization process now has a configurable resynchronization period.

@mhofstetter mhofstetter added release-note/misc This PR makes changes that have no direct user impact. and removed release-note/minor This PR changes functionality that users may find relevant to operating Cilium. labels Nov 3, 2025
@squeed
Copy link
Copy Markdown
Contributor

squeed commented Nov 3, 2025

Why default to zero? I understand this is the internal behavior, but nobody could possibly be relying on this, right, since restarting the operator process will resynchronize regardless?

@youngnick youngnick force-pushed the add-secret-resync-interval branch from 78387bc to 9d5419c Compare November 4, 2025 00:45
@youngnick youngnick force-pushed the add-secret-resync-interval branch from d218a1e to a552c87 Compare December 4, 2025 04:24
@youngnick
Copy link
Copy Markdown
Contributor Author

youngnick commented Dec 4, 2025

/test

@youngnick youngnick removed the request for review from a team December 4, 2025 05:35
@youngnick youngnick force-pushed the add-secret-resync-interval branch from a552c87 to db155f7 Compare December 4, 2025 05:37
@youngnick
Copy link
Copy Markdown
Contributor Author

youngnick commented Dec 4, 2025

/test

squeed
squeed reviewed Dec 4, 2025
View reviewed changes
squeed
squeed approved these changes Dec 4, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@squeed squeed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

dig it.

mhofstetter
mhofstetter approved these changes Dec 4, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@mhofstetter mhofstetter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, only some nits

@youngnick
Add periodic resync for secret-sync controller
0a9c419 
This commit adds a periodic resync for the secret-sync controller.

Each synchronized Secret will be resynced once per hour, with some
jitter added.

This allows users who might sometimes see issues with the
secret-sync process to be confident that secrets will be kept up
to date.

Signed-off-by: Nick Young <nick@isovalent.com>
@youngnick youngnick force-pushed the add-secret-resync-interval branch from db155f7 to 0a9c419 Compare December 4, 2025 23:21
@youngnick youngnick removed the request for review from qmonnet December 4, 2025 23:23
@youngnick
Copy link
Copy Markdown
Contributor Author

youngnick commented Dec 4, 2025

/test

qmonnet
qmonnet approved these changes Dec 4, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@qmonnet qmonnet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The no-longer-existent changes to docs look good to me 🙃

@qmonnet qmonnet removed the request for review from hemanthmalla December 4, 2025 23:55
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Dec 5, 2025
@youngnick
Copy link
Copy Markdown
Contributor Author

youngnick commented Dec 8, 2025

/test

@youngnick youngnick added this pull request to the merge queue Dec 8, 2025
Merged via the queue into cilium:main with commit 99ed12b Dec 8, 2025
60 of 75 checks passed
@youngnick youngnick deleted the add-secret-resync-interval branch December 8, 2025 22:12
@youngnick youngnick added the needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch label Dec 9, 2025
@kaworu kaworu mentioned this pull request Dec 12, 2025
Merged
7 tasks
@youngnick youngnick mentioned this pull request Dec 15, 2025
Merged
@Artyop Artyop mentioned this pull request Dec 18, 2025
Merged
4 tasks
@Artyop Artyop added backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. and removed needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch labels Dec 18, 2025
@github-actions github-actions bot added backport-done/1.18 The backport for Cilium 1.18.x for this PR is done. and removed backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. labels Dec 19, 2025
@cilium-release-bot cilium-release-bot bot moved this to Released in cilium v1.19.0 Feb 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@squeed squeed squeed approved these changes

@joamaki joamaki joamaki approved these changes

@mhofstetter mhofstetter mhofstetter approved these changes

@qmonnet qmonnet qmonnet approved these changes

Assignees

No one assigned

Labels

area/operator Impacts the cilium-operator component area/servicemesh GH issues or PRs regarding servicemesh backport-done/1.18 The backport for Cilium 1.18.x for this PR is done. kind/enhancement This would improve or streamline existing functionality. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact.

Projects

No open projects
cilium v1.19.0
Status: Released

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@youngnick @squeed @joamaki @mhofstetter @qmonnet @msune @Artyop