fix: address remaining review feedback from gemini bot

Abhinav-kodes · Abhinav-kodes · commit 16727394c5fa · 2026-05-19T19:46:45.000+05:30
Signed-off-by: Abhinav Singh &lt;abhinavsingh717073@gmail.com&gt;
diff --git a/pkg/router/jwt.go b/pkg/router/jwt.go
@@ -24,6 +24,7 @@ import (
 	"encoding/pem"
 	"fmt"
 	"os"
+	"sync"
 	"time"
 
 	"github.com/golang-jwt/jwt/v5"
@@ -62,6 +63,7 @@ type JWTManager struct {
 	privateKey *rsa.PrivateKey
 	publicKey  *rsa.PublicKey
 	clientset  kubernetes.Interface
+	keyCache   sync.Map
 }
 
 // NewJWTManager creates a new JWT manager with a fresh RSA key pair
@@ -105,9 +107,17 @@ func (jm *JWTManager) GenerateToken(claims map[string]interface{}) (string, erro
 
 // GenerateTokenWithKey generates a JWT token signed with a specific PEM-encoded private key
 func (jm *JWTManager) GenerateTokenWithKey(claims map[string]interface{}, privateKeyPEM string) (string, error) {
-	privKey, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(privateKeyPEM))
-	if err != nil {
-		return "", fmt.Errorf("failed to parse private key: %w", err)
+	var privKey *rsa.PrivateKey
+
+	if cachedKey, ok := jm.keyCache.Load(privateKeyPEM); ok {
+		privKey = cachedKey.(*rsa.PrivateKey)
+	} else {
+		parsedKey, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(privateKeyPEM))
+		if err != nil {
+			return "", fmt.Errorf("failed to parse private key: %w", err)
+		}
+		privKey = parsedKey
+		jm.keyCache.Store(privateKeyPEM, privKey)
 	}
 
 	// Create JWT claims
diff --git a/pkg/workloadmanager/sandbox_helper.go b/pkg/workloadmanager/sandbox_helper.go
@@ -203,8 +203,7 @@ func (s *Server) initializePicoD(ctx context.Context, podIP string, entry *sandb
 	}
 	req.Header.Set("Content-Type", "application/json")
 
-	client := &http.Client{Timeout: s.config.PicoInitTimeout}
-	resp, err := client.Do(req)
+	resp, err := s.httpClient.Do(req)
 	if err != nil {
 		return fmt.Errorf("POST /init failed: %w", err)
 	}
diff --git a/pkg/workloadmanager/server.go b/pkg/workloadmanager/server.go
@@ -41,6 +41,7 @@ type Server struct {
 	tokenCache        *TokenCache
 	informers         *Informers
 	storeClient       store.Store
+	httpClient        *http.Client
 	wg                sync.WaitGroup
 }
 
@@ -107,6 +108,7 @@ func NewServer(config *Config, sandboxController *SandboxReconciler) (*Server, e
 		tokenCache:        tokenCache,
 		informers:         NewInformers(k8sClient),
 		storeClient:       store.Storage(),
+		httpClient:        &http.Client{Timeout: config.PicoInitTimeout},
 	}
 
 	// Setup routes

Original file line number	Diff line number	Diff line change
`@@ -203,8 +203,7 @@ func (s Server) initializePicoD(ctx context.Context, podIP string, entry sandb`
`203`	`203`	`}`
`204`	`204`	`req.Header.Set("Content-Type", "application/json")`
`205`	`205`
`206`		`- client := &http.Client{Timeout: s.config.PicoInitTimeout}`
`207`		`- resp, err := client.Do(req)`
	`206`	`+ resp, err := s.httpClient.Do(req)`
`208`	`207`	`if err != nil {`
`209`	`208`	`return fmt.Errorf("POST /init failed: %w", err)`
`210`	`209`	`}`
Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@ type Server struct {`
`41`	`41`	`tokenCache *TokenCache`
`42`	`42`	`informers *Informers`
`43`	`43`	`storeClient store.Store`
	`44`	`+ httpClient *http.Client`
`44`	`45`	`wg sync.WaitGroup`
`45`	`46`	`}`
`46`	`47`
`@@ -107,6 +108,7 @@ func NewServer(config Config, sandboxController SandboxReconciler) (*Server, e`
`107`	`108`	`tokenCache: tokenCache,`
`108`	`109`	`informers: NewInformers(k8sClient),`
`109`	`110`	`storeClient: store.Storage(),`
	`111`	`+ httpClient: &http.Client{Timeout: config.PicoInitTimeout},`
`110`	`112`	`}`
`111`	`113`
`112`	`114`	`// Setup routes`