github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

serviceaccount: If namespace is terminating, ignore create errors

Browse Source 
In some scenarios the service account and token controllers can
race with namespace deletion, causing a burst of errors as they
attempt to recreate secrets being deleted.

Instead, detect these errors and do not retry.
This commit is contained in:
Clayton Coleman
2019-10-20 16:09:19 -04:00
parent 937ef77257
commit dc0c21c7d7
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/controller/serviceaccount/serviceaccounts_controller.go
View File

@@ -213,7 +213,10 @@ func (c *ServiceAccountsController) syncNamespace(key string) error {
sa.Namespace = ns.Name
if _, err := c.client.CoreV1().ServiceAccounts(ns.Name).Create(&sa); err != nil && !apierrs.IsAlreadyExists(err) {
createFailures = append(createFailures, err)
// we can safely ignore terminating namespace errors
if !apierrs.HasStatusCause(err, v1.NamespaceTerminatingCause) {
createFailures = append(createFailures, err)
}
}
}