Update operator Pod to speed up secret propagation #5519
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
miriam-eid
force-pushed
the
operator-crash
branch
from
2926c98 to
afa51b2
Compare
miriam-eid
force-pushed
the
operator-crash
branch
from
03374bc to
92de3f7
Compare
barkbay
reviewed
Mar 28, 2022
miriam-eid
commented
Apr 4, 2022
|
|
||
| // updateOperatorPod updates a specific annotation on a single pod to speed up secret propagation. | ||
| func updateOperatorPod(ctx context.Context, pod corev1.Pod, clientset kubernetes.Interface) { | ||
| err := retry.RetryOnConflict(retry.DefaultRetry, func() error { |
There was a problem hiding this comment.
Since the ReconcileResources function is outside the reconciliation loop, I implemented this retry mechanism. Would it be worth it?
barkbay
reviewed
Apr 6, 2022
barkbay
reviewed
Apr 6, 2022
There was a problem hiding this comment.
I ran a few other tests and it works great. In a new/cleaned namespace the first start of the operator is much more faster. It only takes ~1 sec for the operator to generate the certificates and resume its startup:
{
"log.level": "info",
"@timestamp": "2022-04-06T06:17:12.288Z",
"message": "Polling for the webhook certificate to be available",
}{
"log.level": "info",
"@timestamp": "2022-04-06T06:17:13.289Z",
"message": "Starting the manager",
}I also tested the retry mechanism (by generating conflicts using annotations), it feels a bit "over engineered" but it works as expected.
thbkrkr
changed the title
fantapsody
pushed a commit
to fantapsody/cloud-on-k8s
that referenced
this pull request
Feb 7, 2023
…ion (elastic#5519) When the operator is deployed for the first time, the Secret which contains the webhook certificate is populated by the operator (if the webhook certificate is managed by ECK, which is the case by default). Unfortunately it can take some time for the content of the Secret to be propagated into the operator container. This commit marks the operator pod as updated using an annotation to speed up the secret propagation.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Mark the operator pod as updated to speed up secret propagation.
Fixes #3321.