What would you like to be added?
Currently when auth is enabled and JWT token is specified via flag --auth-token, etcdserver will automatically generate a JWT token.
This feature is to allow users to manage the lifecycle of JWT tokens themselves, and set a JWT token to etcd directly if they want to enable auth for etcd. In this case, users should update the token before expiration. The feature is implemented in #16803, but there are several followups:
etcd shouldn't call Authenticate anymore, nor retry when it gets an invalid auth failure response.
If somehow users do not update the token before it expires, then it won't be able to get the current authRevision, accordingly they aren't able to generate a new JWT token, so it will run into a deadlock.
We need to update 3.7 changelog
Also see #16803 (comment)
Why is this needed?
To provide more flexibility to allow users to manage JWT token lifecycle
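The issue asks users to replace their own token before it expires and notes that a missed rotation ends in a deadlock. As an added example (not code from the issue or from etcd), the Go sketch below shows one way an operator-side job could decide when to rotate. It assumes the token is a compact JWT carrying the standard `exp` claim; `tokenExpiry`, `rotationState` and `sampleToken` are hypothetical names, and the sample token is constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// tokenExpiry reads "exp" WITHOUT verifying the signature (scheduling only).
func tokenExpiry(token string) (time.Time, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return time.Time{}, fmt.Errorf("not a compact JWT: %d segments", len(parts))
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return time.Time{}, fmt.Errorf("payload base64url: %w", err)
	}
	var claims struct{ Exp *float64 `json:"exp"` }
	if err := json.Unmarshal(payload, &claims); err != nil || claims.Exp == nil {
		return time.Time{}, fmt.Errorf("payload has no usable exp claim")
	}
	return time.Unix(int64(*claims.Exp), 0), nil
}

// rotationState: "fresh", "rotate" (inside margin) or "expired" (the deadlock case).
func rotationState(token string, now time.Time, margin time.Duration) (string, error) {
	exp, err := tokenExpiry(token)
	switch {
	case err != nil:
		return "", err
	case !now.Before(exp):
		return "expired", nil
	case !now.Add(margin).Before(exp):
		return "rotate", nil
	}
	return "fresh", nil
}

// sampleToken builds a constructed token with a placeholder signature.
func sampleToken(exp int64) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"RS256"}`)) + "." + enc([]byte(fmt.Sprintf(`{"exp":%d}`, exp))) + ".c2ln"
}

func main() {
	fmt.Println(rotationState(sampleToken(time.Now().Unix()+120), time.Now(), 5*time.Minute))
}
```

Choose the margin larger than the interval at which the job runs, so a token cannot go from "fresh" to "expired" between two checks.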