serviceaccount: If namespace is terminating, ignore create errors
In some scenarios the service account and token controllers can race with namespace deletion, causing a burst of errors as they attempt to recreate secrets being deleted. Instead, detect these errors and do not retry.
This commit is contained in:
parent
937ef77257
commit
dc0c21c7d7
@ -213,7 +213,10 @@ func (c *ServiceAccountsController) syncNamespace(key string) error {
|
||||
sa.Namespace = ns.Name
|
||||
|
||||
if _, err := c.client.CoreV1().ServiceAccounts(ns.Name).Create(&sa); err != nil && !apierrs.IsAlreadyExists(err) {
|
||||
createFailures = append(createFailures, err)
|
||||
// we can safely ignore terminating namespace errors
|
||||
if !apierrs.HasStatusCause(err, v1.NamespaceTerminatingCause) {
|
||||
createFailures = append(createFailures, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -408,6 +408,10 @@ func (e *TokensController) ensureReferencedToken(serviceAccount *v1.ServiceAccou
|
||||
// Save the secret
|
||||
createdToken, err := e.client.CoreV1().Secrets(serviceAccount.Namespace).Create(secret)
|
||||
if err != nil {
|
||||
// if the namespace is being terminated, create will fail no matter what
|
||||
if apierrors.HasStatusCause(err, v1.NamespaceTerminatingCause) {
|
||||
return false, err
|
||||
}
|
||||
// retriable error
|
||||
return true, err
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user