From f4ffde89d0205100417bac119c96c6918f051139 Mon Sep 17 00:00:00 2001 From: dandds Date: Tue, 3 Dec 2019 09:19:44 -0500 Subject: [PATCH] Add more restrictions to K8s CRL CronJob. The K8s CronJob that manages CRL syncing often leaves pods hanging around for days at a time. This appears to happen when the download of a particular CRL from DISA hangs for whatever reason. This updates the configuration so that a running cronjob is automatically replaced by its successor, rather than the two running concurrently. (The CRL CronJob runs every hour, and it one has taken that long then it's hanging and needs to be replace.) Similarly, this updates the config to only retain one successful CRL pod, rather than the default of three. --- deploy/azure/crls-sync.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy/azure/crls-sync.yaml b/deploy/azure/crls-sync.yaml index f5bcdcf8..5e95e331 100644 --- a/deploy/azure/crls-sync.yaml +++ b/deploy/azure/crls-sync.yaml @@ -5,6 +5,8 @@ metadata: namespace: atat spec: schedule: "0 * * * *" + concurrencyPolicy: Replace + successfulJobsHistoryLimit: 1 jobTemplate: spec: template: