SOPS AZKV getDefaultAzureCredential triggers API rate limit #840
Comments
I don't know if we can cache the auth token and reuse it across Kustomizations without violating multi-tenancy. You can set There may be some improvement that's possible to handle the rate limiting behavior a bit more cleanly.
So for every kustomization that uses SOPS it will decrypt the secret each interval? That does sound overkill. I am also nearing a limit for the number of calls SOPS is making to AKV. Is the feature gate
This is being worked on in fluxcd/pkg#766
When the Kustomize controller comes up, the getDefaultAzureCredential function will hammer the Azure API with login requests and get rate limited for a few minutes, resulting in failed Kustomize runs.
It would be preferable to cache the auth token and reuse it, rather than retrieve a new one on each SOPS decryption.
https://github.com/fluxcd/kustomize-controller/blob/main/internal/sops/azkv/keysource.go#L216
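
An added example, not part of the issue and not kustomize-controller or SOPS code: one way to cache and reuse tokens as requested above while respecting the multi-tenancy concern raised in the comments, by keying every cached token on the namespace and the credential identity that obtained it. `Token`, `TokenCache`, `NewTokenCache`, `CacheKey` and the sample values are hypothetical, and `fetch` stands in for the rate-limited login call.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sync"
	"time"
)

// Token is a constructed stand-in for an access token, not the Azure SDK type.
type Token struct {
	Value     string
	ExpiresAt time.Time
}

// TokenCache reuses a token only for the exact identity that obtained it.
type TokenCache struct {
	mu      sync.Mutex
	entries map[string]Token
}

func NewTokenCache() *TokenCache { return &TokenCache{entries: map[string]Token{}} }

// CacheKey binds an entry to one namespace and one credential identity.
func CacheKey(namespace, tenantID, clientID, scope string) string {
	h := sha256.New()
	for _, p := range []string{namespace, tenantID, clientID, scope} {
		fmt.Fprintf(h, "%d:%s|", len(p), p) // length prefix: ("a","bc") != ("ab","c")
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Get calls fetch only on a miss or when the cached token expires within a
// minute. Failed logins are never cached, so a rate-limit error is retried.
func (c *TokenCache) Get(key string, fetch func() (Token, error)) (Token, error) {
	c.mu.Lock()
	defer c.mu.Unlock() // also serializes concurrent logins at controller start
	if t, ok := c.entries[key]; ok && time.Until(t.ExpiresAt) > time.Minute {
		return t, nil
	}
	t, err := fetch()
	if err != nil {
		return Token{}, err
	}
	c.entries[key] = t
	return t, nil
}

func main() { fmt.Println(CacheKey("team-a", "t1", "c1", "s") != CacheKey("team-b", "t1", "c1", "s")) }
```

Two Kustomizations in the same namespace with the same identity share one login; the same identity referenced from another namespace gets its own entry and its own login.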