leave a not on rotation

steeling · steeling · commit cbbd756efbb0 · 2022-05-18T10:42:29.000-04:00
Signed-off-by: Sean Teeling &lt;seanteeling@microsoft.com&gt;
diff --git a/pkg/certificate/manager.go b/pkg/certificate/manager.go
@@ -55,6 +55,9 @@ func (m *Manager) Start(checkInterval time.Duration, stop <-chan struct{}) {
 }
 
 func (m *Manager) checkAndRotate() {
+	// NOTE: checkAndRotate can reintroduce a certificate that has been released, thereby creating an unbounded cache.
+	// A certificate can also have been rotated already, leaving the list of issued certs stale, and we re-rotate.
+	// the latter is not a bug, but a source of inefficiency.
 	for _, cert := range m.ListIssuedCertificates() {
 		shouldRotate := cert.ShouldRotate()
 

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,9 @@ func (m *Manager) Start(checkInterval time.Duration, stop <-chan struct{}) {`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`func (m *Manager) checkAndRotate() {`
	`58`	`+ // NOTE: checkAndRotate can reintroduce a certificate that has been released, thereby creating an unbounded cache.`
	`59`	`+ // A certificate can also have been rotated already, leaving the list of issued certs stale, and we re-rotate.`
	`60`	`+ // the latter is not a bug, but a source of inefficiency.`
`58`	`61`	`for _, cert := range m.ListIssuedCertificates() {`
`59`	`62`	`shouldRotate := cert.ShouldRotate()`
`60`	`63`