github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 20:53:33 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #96444 from roycaihw/rbac-hook-retry-503

Browse Source 
RBAC initialization: actually retry if we failed to reconcile some objects
This commit is contained in:
Kubernetes Prow Robot 2020-11-12 13:17:01 -08:00 committed by GitHub
commit 27c2525a13
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/registry/rbac/rest/storage_rbac.go
View File

@ -174,6 +174,7 @@ func (p *PolicyData) EnsureRBACPolicy() genericapiserver.PostStartHookFunc {
// initializing roles is really important. On some e2e runs, we've seen cases where etcd is down when the server // initializing roles is really important. On some e2e runs, we've seen cases where etcd is down when the server
// starts, the roles don't initialize, and nothing works. // starts, the roles don't initialize, and nothing works.
err := wait.Poll(1*time.Second, 30*time.Second, func() (done bool, err error) { err := wait.Poll(1*time.Second, 30*time.Second, func() (done bool, err error) {
failedReconciliation := false
coreclientset, err := corev1client.NewForConfig(hookContext.LoopbackClientConfig) coreclientset, err := corev1client.NewForConfig(hookContext.LoopbackClientConfig)
if err != nil { if err != nil {
@ -234,6 +235,7 @@ func (p *PolicyData) EnsureRBACPolicy() genericapiserver.PostStartHookFunc {
if err != nil { if err != nil {
// don't fail on failures, try to create as many as you can // don't fail on failures, try to create as many as you can
utilruntime.HandleError(fmt.Errorf("unable to reconcile clusterrole.%s/%s: %v", rbac.GroupName, clusterRole.Name, err)) utilruntime.HandleError(fmt.Errorf("unable to reconcile clusterrole.%s/%s: %v", rbac.GroupName, clusterRole.Name, err))
failedReconciliation = true
} }
} }
@ -265,6 +267,7 @@ func (p *PolicyData) EnsureRBACPolicy() genericapiserver.PostStartHookFunc {
if err != nil { if err != nil {
// don't fail on failures, try to create as many as you can // don't fail on failures, try to create as many as you can
utilruntime.HandleError(fmt.Errorf("unable to reconcile clusterrolebinding.%s/%s: %v", rbac.GroupName, clusterRoleBinding.Name, err)) utilruntime.HandleError(fmt.Errorf("unable to reconcile clusterrolebinding.%s/%s: %v", rbac.GroupName, clusterRoleBinding.Name, err))
failedReconciliation = true
} }
} }
@ -295,6 +298,7 @@ func (p *PolicyData) EnsureRBACPolicy() genericapiserver.PostStartHookFunc {
if err != nil { if err != nil {
// don't fail on failures, try to create as many as you can // don't fail on failures, try to create as many as you can
utilruntime.HandleError(fmt.Errorf("unable to reconcile role.%s/%s in %v: %v", rbac.GroupName, role.Name, namespace, err)) utilruntime.HandleError(fmt.Errorf("unable to reconcile role.%s/%s in %v: %v", rbac.GroupName, role.Name, namespace, err))
failedReconciliation = true
} }
} }
} }
@ -328,9 +332,14 @@ func (p *PolicyData) EnsureRBACPolicy() genericapiserver.PostStartHookFunc {
if err != nil { if err != nil {
// don't fail on failures, try to create as many as you can // don't fail on failures, try to create as many as you can
utilruntime.HandleError(fmt.Errorf("unable to reconcile rolebinding.%s/%s in %v: %v", rbac.GroupName, roleBinding.Name, namespace, err)) utilruntime.HandleError(fmt.Errorf("unable to reconcile rolebinding.%s/%s in %v: %v", rbac.GroupName, roleBinding.Name, namespace, err))
failedReconciliation = true
} }
} }
} }
// failed to reconcile some objects, retry
if failedReconciliation {
return false, nil
}
return true, nil return true, nil
}) })