add a jitter to bound token renewal

Shihang Zhang 2020-10-29 23:30:21 -07:00
parent 3662e1e344
commit 96fb07d6b3


@ -22,6 +22,7 @@ import (
"context" "context"
"errors" "errors"
"fmt" "fmt"
"math/rand"
"sync" "sync"
"time" "time"
@ -36,8 +37,9 @@ import (
) )
const ( const (
maxTTL = 24 * time.Hour maxTTL = 24 * time.Hour
gcPeriod = time.Minute gcPeriod = time.Minute
maxJitter = 10 * time.Second
) )
// NewManager returns a new token manager. // NewManager returns a new token manager.
@ -177,11 +179,12 @@ func (m *Manager) requiresRefresh(tr *authenticationv1.TokenRequest) bool {
exp := tr.Status.ExpirationTimestamp.Time exp := tr.Status.ExpirationTimestamp.Time
iat := exp.Add(-1 * time.Duration(*tr.Spec.ExpirationSeconds) * time.Second) iat := exp.Add(-1 * time.Duration(*tr.Spec.ExpirationSeconds) * time.Second)
if now.After(iat.Add(maxTTL)) { jitter := time.Duration(rand.Float64()*maxJitter.Seconds()) * time.Second
if now.After(iat.Add(maxTTL - jitter)) {
return true return true
} }
// Require a refresh if within 20% of the TTL from the expiration time. // Require a refresh if within 20% of the TTL plus a jitter from the expiration time.
if now.After(exp.Add(-1 * time.Duration((*tr.Spec.ExpirationSeconds*20)/100) * time.Second)) { if now.After(exp.Add(-1*time.Duration((*tr.Spec.ExpirationSeconds*20)/100)*time.Second - jitter)) {
return true return true
} }
return false return false
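Review bot: The jitter in `jitter := time.Duration(rand.Float64()*maxJitter.Seconds()) * time.Second` is drawn afresh on every call to requiresRefresh, so for one token the answer can differ between calls inside the 10-second window, and a caller that checks often will tend to refresh near the early edge instead of spreading evenly; deriving the offset once per cached token would make the decision stable. The draw comes from the package-level math/rand source, which is adequate for load spreading since nothing here needs unpredictability, but on Go releases before 1.20 that source produces the same sequence in every process unless it is seeded, so confirm a seed call exists outside this hunk or the nodes may pick identical offsets. The conversion also truncates to whole seconds, leaving only ten distinct offsets; `jitter := time.Duration(rand.Int63n(int64(maxJitter)))` keeps sub-second spread. requiresRefresh begins above this hunk and its closing brace lies below it.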