Merge pull request #55356 from ericchiang/cert-manager-reduce-backoff

Automatic merge from submit-queue (batch tested with PRs 54773, 52523, 47497, 55356, 49429). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. certificate manager: reduce max backoff from 128s to 32s For TLS bootstrapping in bootkube we run a kubelet with a control plane run through static pods. That static control plane has an API server and controller manager that approve the kubelet's CSR. Since the kubelet has to wait for the static control plane to come up to be approved, we hit this backoff every time and it actually adds a notable overhead to startup times. https://github.com/kubernetes-incubator/bootkube/pull/663 If this choice is somewhat arbitrary, I'd like to see it lowered for 1.9. /assign @jcbsmpsn @mikedanese ```release-note NONE ``` Kubernetes-commit: 0ff21718d127b9fc14bdfc068624e82fb84e99c2
2025-07-19 09:38:39 +00:00 · 2017-11-08 22:11:57 -08:00 · 2017-11-08 22:11:57 -08:00 · d017730688
commit d017730688
parent 7dc0693659 134dba2dab
1 changed files with 2 additions and 2 deletions
--- a/util/certificate/certificate_manager.go
+++ b/util/certificate/certificate_manager.go
@ -232,7 +232,7 @@ func (m *manager) Start() {
 		Duration: 2 * time.Second,
 		Factor:   2,
 		Jitter:   0.1,
-		Steps:    7,
+		Steps:    5,
 	}
 	go wait.Forever(func() {
 		sleepInterval := m.rotationDeadline.Sub(time.Now())
@ -240,7 +240,7 @@ func (m *manager) Start() {
 		time.Sleep(sleepInterval)
 		if err := wait.ExponentialBackoff(backoff, m.rotateCerts); err != nil {
 			utilruntime.HandleError(fmt.Errorf("Reached backoff limit, still unable to rotate certs: %v", err))
-			wait.PollInfinite(128*time.Second, m.rotateCerts)
+			wait.PollInfinite(32*time.Second, m.rotateCerts)
 		}
 	}, 0)
 }