diff --git a/pkg/controller/nodelifecycle/scheduler/timed_workers.go b/pkg/controller/nodelifecycle/scheduler/timed_workers.go index d5567d21e52..58b22fd10d0 100644 --- a/pkg/controller/nodelifecycle/scheduler/timed_workers.go +++ b/pkg/controller/nodelifecycle/scheduler/timed_workers.go @@ -52,11 +52,17 @@ type TimedWorker struct { // createWorker creates a TimedWorker that will execute `f` not earlier than `fireAt`. func createWorker(ctx context.Context, args *WorkArgs, createdAt time.Time, fireAt time.Time, f func(ctx context.Context, args *WorkArgs) error, clock clock.WithDelayedExecution) *TimedWorker { delay := fireAt.Sub(createdAt) + fWithErrorLogging := func() { + err := f(ctx, args) + if err != nil { + klog.Errorf("NodeLifecycle: timed worker failed with error: %q", err) + } + } if delay <= 0 { - go f(ctx, args) + go fWithErrorLogging() return nil } - timer := clock.AfterFunc(delay, func() { f(ctx, args) }) + timer := clock.AfterFunc(delay, fWithErrorLogging) return &TimedWorker{ WorkItem: args, CreatedAt: createdAt, diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go index 336244c7238..ea029236f96 100644 --- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go +++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go @@ -255,6 +255,7 @@ func buildControllerRoles() ([]rbacv1.ClusterRole, []rbacv1.ClusterRoleBinding) }, } if utilfeature.DefaultFeatureGate.Enabled(features.PodDisruptionConditions) { + role.Rules = append(role.Rules, rbacv1helpers.NewRule("get").Groups(legacyGroup).Resources("pods").RuleOrDie()) role.Rules = append(role.Rules, rbacv1helpers.NewRule("patch").Groups(legacyGroup).Resources("pods/status").RuleOrDie()) } return role