Decouple burnell "provision container" provision-tls-jwt from autorecovery component
Opened this issue · 2 comments
lhotari commented
Currently JWT tokens are provisioned by an init container that is part of the autorecovery component.
This should be decoupled since provision-tls-jwt has nothing to do with Bookkeeper autorecovery.
zzzming commented
The reason we added here is because AR is the first pod coming up in the cluster. Private/public key pair need to be created ahead of bastion and other pods initialized. We have have a dedicated pod to initialize keys and JWTs.
michaeljmarshall commented
+1. We should create a separate initialization job that runs when needed.