From d2c4426e970712fce4f1fe2e0d7b8e4b1b09d1ca Mon Sep 17 00:00:00 2001 From: "Rostislav M. Georgiev" Date: Wed, 1 Apr 2020 17:46:30 +0300 Subject: [PATCH] kubeadm join: Wait longer for TLS bootstrapping The TLS bootstrapping timeout is increased to 5 minutes with a retry once every 5 seconds. Failing fast if the kubelet is not healthy is also preserved. Signed-off-by: Rostislav M. Georgiev --- cmd/kubeadm/app/cmd/phases/join/kubelet.go | 2 +- cmd/kubeadm/app/constants/constants.go | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/cmd/kubeadm/app/cmd/phases/join/kubelet.go b/cmd/kubeadm/app/cmd/phases/join/kubelet.go index cdb535a0a01..5648c3b1c15 100644 --- a/cmd/kubeadm/app/cmd/phases/join/kubelet.go +++ b/cmd/kubeadm/app/cmd/phases/join/kubelet.go @@ -204,7 +204,7 @@ func waitForTLSBootstrappedClient() error { fmt.Println("[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...") // Loop on every falsy return. Return with an error if raised. Exit successfully if true is returned. - return wait.PollImmediate(kubeadmconstants.APICallRetryInterval, kubeadmconstants.TLSBootstrapTimeout, func() (bool, error) { + return wait.PollImmediate(kubeadmconstants.TLSBootstrapRetryInterval, kubeadmconstants.TLSBootstrapTimeout, func() (bool, error) { // Check that we can create a client set out of the kubelet kubeconfig. This ensures not // only that the kubeconfig file exists, but that other files required by it also exist (like // client certificate and key) diff --git a/cmd/kubeadm/app/constants/constants.go b/cmd/kubeadm/app/constants/constants.go index 859ae18bc6e..723ab2fd058 100644 --- a/cmd/kubeadm/app/constants/constants.go +++ b/cmd/kubeadm/app/constants/constants.go @@ -182,7 +182,9 @@ const ( // PatchNodeTimeout specifies how long kubeadm should wait for applying the label and taint on the control-plane before timing out PatchNodeTimeout = 2 * time.Minute // TLSBootstrapTimeout specifies how long kubeadm should wait for the kubelet to perform the TLS Bootstrap - TLSBootstrapTimeout = 2 * time.Minute + TLSBootstrapTimeout = 5 * time.Minute + // TLSBootstrapRetryInterval specifies how long kubeadm should wait before retrying the TLS Bootstrap check + TLSBootstrapRetryInterval = 5 * time.Second // PullImageRetry specifies how many times ContainerRuntime retries when pulling image failed PullImageRetry = 5 // PrepullImagesInParallelTimeout specifies how long kubeadm should wait for prepulling images in parallel before timing out