[Release-1.22] Secrets Encryption: Add RetryOnConflict around updating nodes (#5498)

* Add RetryOnConflict around updating nodes

Signed-off-by: Derek Nola <derek.nola@suse.com>
pull/5508/head v1.22.9-rc3+k3s1
Derek Nola 2022-04-22 15:02:07 -07:00 committed by GitHub
parent b7c7a23e0f
commit aac491c8bd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 9 deletions


@ -18,6 +18,7 @@ import (
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/tools/pager"
"k8s.io/client-go/tools/record"
"k8s.io/client-go/util/retry"
)
const (
@ -57,7 +58,7 @@ func Register(
}
// onChangeNode handles changes to Nodes. We are looking for a specific annotation change
func (h *handler) onChangeNode(key string, node *corev1.Node) (*corev1.Node, error) {
func (h *handler) onChangeNode(nodeName string, node *corev1.Node) (*corev1.Node, error) {
if node == nil {
return nil, nil
}
@ -80,8 +81,16 @@ func (h *handler) onChangeNode(key string, node *corev1.Node) (*corev1.Node, err
return node, err
}
ann = EncryptionReencryptActive + "-" + reencryptHash
err = retry.RetryOnConflict(retry.DefaultRetry, func() error {
node, err = h.nodes.Get(nodeName, metav1.GetOptions{})
if err != nil {
return err
}
node.Annotations[EncryptionHashAnnotation] = ann
node, err = h.nodes.Update(node)
_, err = h.nodes.Update(node)
return err
})
if err != nil {
h.recorder.Event(node, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
return node, err
@ -94,11 +103,16 @@ func (h *handler) onChangeNode(key string, node *corev1.Node) (*corev1.Node, err
// If skipping, revert back to the previous stage
if h.controlConfig.EncryptSkip {
BootstrapEncryptionHashAnnotation(node, h.controlConfig.Runtime)
if node, err := h.nodes.Update(node); err != nil {
return node, err
err = retry.RetryOnConflict(retry.DefaultRetry, func() error {
node, err = h.nodes.Get(nodeName, metav1.GetOptions{})
if err != nil {
return err
}
return node, nil
BootstrapEncryptionHashAnnotation(node, h.controlConfig.Runtime)
_, err = h.nodes.Update(node)
return err
})
return node, err
}
// Remove last key
@ -118,7 +132,14 @@ func (h *handler) onChangeNode(key string, node *corev1.Node) (*corev1.Node, err
h.recorder.Event(node, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
return node, err
}
if err := WriteEncryptionHashAnnotation(h.controlConfig.Runtime, node, EncryptionReencryptFinished); err != nil {
err = retry.RetryOnConflict(retry.DefaultRetry, func() error {
node, err = h.nodes.Get(nodeName, metav1.GetOptions{})
if err != nil {
return err
}
return WriteEncryptionHashAnnotation(h.controlConfig.Runtime, node, EncryptionReencryptFinished)
})
if err != nil {
h.recorder.Event(node, corev1.EventTypeWarning, secretsUpdateErrorEvent, err.Error())
return node, err
}
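Review bot: Each of the three new `retry.RetryOnConflict` closures re-reads the node with `h.nodes.Get` and then writes the encryption-stage annotation unconditionally, so whatever stage check `onChangeNode` made on the `node` it was handed is not repeated against the object that is actually updated. That check sits outside the visible hunks, so this is inferred, but if another writer advanced the rotation between the event and a retry, the closure would overwrite the newer stage with the `EncryptionReencryptActive` value, the bootstrap value or `EncryptionReencryptFinished`. I would re-validate right after the `Get`, for example `if node.Annotations[EncryptionHashAnnotation] != prev { return nil }` with `prev` (a placeholder name) captured before the closure, and add a comment such as `// re-check the stage on the fresh object; a retry must not roll back a newer stage`. The closures also assign the outer `node`, so a failed `Get` changes the object passed to `h.recorder.Event` and returned to the caller; a closure-local variable would avoid that.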