From 6a509c0ea038eb1c67527d79b656cacea2f77234 Mon Sep 17 00:00:00 2001
From: James Rasell <jrasell@hashicorp.com>
Date: Thu, 28 Oct 2021 17:09:22 +0200
Subject: [PATCH] taskrunner: add clarifying initial vault token renew comment.

---
 client/allocrunner/taskrunner/vault_hook.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/client/allocrunner/taskrunner/vault_hook.go b/client/allocrunner/taskrunner/vault_hook.go
index 016fbf610..69f2beb00 100644
--- a/client/allocrunner/taskrunner/vault_hook.go
+++ b/client/allocrunner/taskrunner/vault_hook.go
@@ -216,7 +216,16 @@ OUTER:
 			}
 		}
 
-		// Start the renewal process
+		// Start the renewal process.
+		//
+		// This is the initial renew of the token which we derived from the
+		// server. The client does not know how long it took for the token to
+		// be generated and derived and also wants to gain control of the
+		// process quickly, but not too quickly. We therefore use a hardcoded
+		// increment value of 30; this value without a suffix is in seconds.
+		//
+		// If Vault is having availability issues or is overloaded, a large
+		// number of initial token renews can exacerbate the problem.
 		renewCh, err := h.client.RenewToken(token, 30)
 
 		// An error returned means the token is not being renewed