Autopudate#115
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request removes obsolete Kubernetes resources and configures GKE Gateway, HTTPRoute, and HealthCheckPolicy for the sam-hub service. It also enforces exact path matching in the hub server, enhances authentication error handling during node initialization, and introduces a safety mechanism to terminate the node if identity renewal fails after expiration. The review feedback correctly identifies a potential busy-spin issue in the renewal loop when the token duration is positive but extremely small, and suggests enforcing a minimum floor of 2 seconds for the renewal interval.
| } else if duration > 0 { | ||
| renewAfter = duration / 2 | ||
| } else { | ||
| renewAfter = 1 * time.Minute | ||
| renewAfter = 1 * time.Second | ||
| } |
There was a problem hiding this comment.
If duration is positive but very small (e.g., less than a few seconds), renewAfter = duration / 2 will result in extremely small durations (milliseconds or microseconds). This causes the renewal loop to busy-spin and spam the OIDC provider or hub with a rapid succession of requests as the expiration time approaches.
To prevent this, enforce a minimum floor for renewAfter (e.g., 2 seconds) when duration is small.
| } else if duration > 0 { | |
| renewAfter = duration / 2 | |
| } else { | |
| renewAfter = 1 * time.Minute | |
| renewAfter = 1 * time.Second | |
| } | |
| } else if duration > 4*time.Second { | |
| renewAfter = duration / 2 | |
| } else { | |
| renewAfter = 2 * time.Second | |
| } |
1 participant
No description provided.