Skip to content

Commit

Permalink
Don't retry health check when Unauthorized is returned
Browse files Browse the repository at this point in the history 
This fixes unnecessary delays in self-repair when the underlying provider
(e.g. the AWS provider) performs periodic kubeconfig refreshes. Without
this, the health check is retried 10 times with a 10s interval, meaning
that the controller is unable to act for at least 100 seconds, even though
it could repair itself immediately.
  • Loading branch information
@codablock
codablock authored and k8s-infra-cherrypick-robot committed Oct 6, 2022
1 parent a46c990 commit b1e45cb
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions controllers/remote/cluster_cache_tracker.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -484,6 +484,12 @@ func (t *ClusterCacheTracker) healthCheckCluster(ctx context.Context, in *health
// If no error occurs, reset the unhealthy counter.
_, err := restClient.Get().AbsPath(in.path).Timeout(in.requestTimeout).DoRaw(ctx)
if err != nil {
if apierrors.IsUnauthorized(err) {
// Unauthorized means that the underlying kubeconfig is not authorizing properly anymore, which
// usually is the result of automatic kubeconfig refreshes, meaning that we have to throw away the
// clusterAccessor and rely on the creation of a new one (with a refreshed kubeconfig)
return false, err
}
unhealthyCount++
} else {
unhealthyCount = 0
Expand Down

0 comments on commit b1e45cb

Please sign in to comment.