Merge pull request #60068 from wojtek-t/ssl_key_longer_timeout

Automatic merge from submit-queue (batch tested with PRs 60148, 60022, 59125, 60068, 60154). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Increase allowed lag for ssh key sync loop for tunneler

Part of https://github.com/kubernetes/kubernetes/issues/59347
This commit is contained in:
Kubernetes Submit Queue 2018-02-21 18:09:47 -08:00 committed by GitHub
commit c0026e5081
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -60,7 +60,12 @@ func TunnelSyncHealthChecker(tunneler Tunneler) func(req *http.Request) error {
return fmt.Errorf("Tunnel sync is taking too long: %d", lag)
}
sshKeyLag := tunneler.SecondsSinceSSHKeySync()
if sshKeyLag > 600 {
// Since we are syncing ssh-keys every 5 minutes, the allowed
// lag since last sync should be more than 2x higher than that
// to allow for single failure, which can always happen.
// For now set it to 3x, which is 15 minutes.
// For more details see: http://pr.k8s.io/59347
if sshKeyLag > 900 {
return fmt.Errorf("SSHKey sync is taking too long: %d", sshKeyLag)
}
return nil