Kubernetes, get API token before accepting incoming requests to the POD

Question

My application requires to communicate with a third party services over REST API, for which in needs to send a POST request to /auth and the third-party system responses with a token. that token can then be used for the subsequent calls and it's valid up to 12 hours.

At the moment the /auth calls happen when the first request comes to the POD, and that takes few seconds. I am trying to make changes so that the POD always gets the token before serving any request.

The solution I am thinking is to use Readiness Probe in Kubernetes to get the api token before the POD become available. Is this the ideal way of solving the issue?

If so, how can I automatically re-create my POD every 12 hours? Because if I don't delete the pod after 12 hours, the token become invalid.

Answer 1

Readiness probes can stop traffic going to a pod but won't recreate it on failure, liveness probes however can.

If you have a readiness probe which checks the app is properly initialised (got the auth token) and hits an endpoint which only responds 200 when it has traffic won't be sent till it's initialised.

You can then have a liveness probe to check another endpoint (or the same with a start delay) as when liveness probes fail they will kill the pod after a certain amount of time.

Answer 2

I think that this is answering your question: Cronjob in Kubernetes to restart (delete) the pod in a deployment

Another solution would be to use Kubernetes CronJob - you can expose another endpoint that will refresh the token and call it every few hours.