Cache Expiration Time

KubeArchive delegates authentication and authorization to Kubernetes. To avoid pressure on the Kubernetes API, KubeArchive caches the authentication and authorization answers.

There are two different environment variables that control cache expiration:

  • CACHE_EXPIRATION_AUTHORIZED: controls the expiration time for authorized/authenticated requests. If not set, the default value is 10 minutes.

  • CACHE_EXPIRATION_UNAUTHORIZED: controls the expiration time for unauthorized/unauthenticated requests. If not set, the default value is 1 minute.

To modify the expiration time, perform the following steps:

  1. Edit or patch the kubearchive-api-server Deployment present on the kubearchive namespace. The values need to be parseable by time.ParseDuration):

    ---
apiVersion: v1
kind: Deployment
spec:
  template:
    spec:
      containers:
      - name: kubearchive-api-server
        env:
        - name: CACHE_EXPIRATION_AUTHORIZED
          value: 1h
        - name: CACHE_EXPIRATION_UNAUTHORIZED
          value: 5m

If the values are not set or they are not parseable by time.ParseDuration the Deployment fails and does not start.

  1. Save the patch somewhere in the disk and apply it:

    kubectl patch -n kubearchive deployment kubearchive-api-server --patch-file path/to/patch.yaml
Expiring the cache

To expire the current cache restart the kubearchive-api-server deployment with the command kubectl rollout -n kubearchive restart deployment kubearchive-api-server.