From a0ab61d3d7d7cba127ff4bead895dfc1e571fb8c Mon Sep 17 00:00:00 2001
From: Elias Wilken
Date: Mon, 8 Jan 2024 07:30:08 +0100
Subject: [PATCH] reevaluate clusters every 30s, no matter when they expire
---
 Nautik Helper/AppState.swift | 9 ---------
 README.md | 4 +---
 2 files changed, 1 insertion(+), 12 deletions(-)
diff --git a/Nautik Helper/AppState.swift b/Nautik Helper/AppState.swift
index 9c61d94..5d302e7 100644
--- a/Nautik Helper/AppState.swift
+++ b/Nautik Helper/AppState.swift
@@ -106,15 +106,6 @@ class AppState {
 }
 for cluster in clusters {
- // If the cluster has an evaluation expiration, re-evaluate it 7 minutes before the expiration.
- if let credentialsExpireAt = cluster.credentialsExpireAt, credentialsExpireAt > (Date.now + 60 * 7) {
- continue
- }
- // If it doesn't, re-evaluate it every 15 minutes.
- if cluster.credentialsExpireAt == nil && Date.now < (cluster.lastEvaluation + 60 * 15) {
- continue
- }
-
 // Refresh cluster info, auth info & namespace from the file and re-evaluate auth.
 if case let .ok(watchResult) = await self.kubeConfigs.first(where: { $0.path == cluster.kubeConfigPath }),
 let watchedCluster = watchResult.clusters.first(where: { $0.context.name == cluster.kubeConfigContextName }) {
diff --git a/README.md b/README.md
index c26b23f..5bc53e4 100644
--- a/README.md
+++ b/README.md
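Review bot: The `for cluster in clusters` loop now has no skip condition at its top, so each pass re-runs the refresh for every cluster; per the README that includes spawning the `exec` authentication plugin for every exec-based cluster on each 30-second cycle. Unless the re-evaluation code outside this hunk reuses still-valid plugin output, this mints new credentials and rewrites the stored cluster entry far more often than the credential lifetime requires, which can run into identity-provider rate limits, bury real events in token-issuance audit logs, and repeatedly trigger any interactive step the plugin performs. Consider re-reading the kubeconfig entry on every pass but keeping the removed test `if let credentialsExpireAt = cluster.credentialsExpireAt, credentialsExpireAt > (Date.now + 60 * 7)` as the condition for skipping only the plugin run, with a comment above the loop stating the intended cadence. The loop body and the `if case let .ok(watchResult)` block continue past the end of the hunk, so whether `credentialsExpireAt` and `lastEvaluation` are still read elsewhere cannot be confirmed from here.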
@@ -17,14 +17,12 @@ The helper app allows you to add kubeconfig files to keep track of via a file pi
 The Nautik Helper app's main window, showing two Kubernetes clusters under management.
-Clusters on the keychain are continuously evaluated by the helper app. For clusters with exec plugins, the re-evaluation is done 7 minutes before the temporary credentials generated by the exec plugin expire. Other clusters are re-evaluated every 15 minutes. If a cluster's corresponding kubeconfig entry includes `client-certificate`, `client-key` or `token-file` keys, the file contents of the corresponding files are copied into the `client-certificate-data`, `client-key-data` and `token` fields of the stored cluster to have them be consumed by the main app on macOS, iOS or iPadOS. If a cluster's corresponding kubeconfig entry includes an `exec` value, the helper app spawns a process as the user running the helper app, executing the corresponding exec-based authentication plugin and copying its output into the `client-certificate-data`, `client-key-data` and `token` fields of the stored cluster to have them be consumed by the main app.
+Clusters on the keychain are reevaluated by the helper app every 30 seconds. If a cluster's corresponding kubeconfig entry includes `client-certificate`, `client-key` or `token-file` keys, the file contents of the corresponding files are copied into the `client-certificate-data`, `client-key-data` and `token` fields of the stored cluster to have them be consumed by the main app on macOS, iOS or iPadOS. If a cluster's corresponding kubeconfig entry includes an `exec` value, the helper app spawns a process as the user running the helper app, executing the corresponding exec-based authentication plugin and copying its output into the `client-certificate-data`, `client-key-data` and `token` fields of the stored cluster to have them be consumed by the main app.
 The Nautik Helper app's cluster settings window, showing two kubeconfig files with one Kubernetes cluster inside of each.
 Support for the `auth-provider` field on the kubeconfig is currently unimplemented. But support for the `oidc` auth provider is planned to be included on the main app at a later point. Contributions to the helper app extending the range of supported auth methods are very welcome.
-The helper app evaluates the refresh timestamps on stored clusters every 30 seconds, refreshes the properties of static cluster credentials every 15 minutes and re-evaluates dynamic `exec` plugin outputs 7 minutes before they expire.
-
 To allow to be run on multiple Macs and user accounts in parallel without interference, the helper app stores the device UUID and user of the system it was added on with the cluster.
 ## Installation