diff --git a/api/kubernetes/cli/client.go b/api/kubernetes/cli/client.go index 8a3d42233..0c4347d8a 100644 --- a/api/kubernetes/cli/client.go +++ b/api/kubernetes/cli/client.go @@ -80,22 +80,31 @@ func (factory *ClientFactory) RemoveKubeClient(endpointID portainer.EndpointID) // GetKubeClient checks if an existing client is already registered for the environment(endpoint) and returns it if one is found. // If no client is registered, it will create a new client, register it, and returns it. func (factory *ClientFactory) GetKubeClient(endpoint *portainer.Endpoint) (*KubeClient, error) { + factory.mu.Lock() + key := strconv.Itoa(int(endpoint.ID)) + if client, ok := factory.endpointClients[key]; ok { + factory.mu.Unlock() + return client, nil + } + factory.mu.Unlock() + + // EE-6901: Do not lock + client, err := factory.createCachedAdminKubeClient(endpoint) + if err != nil { + return nil, err + } + factory.mu.Lock() defer factory.mu.Unlock() - key := strconv.Itoa(int(endpoint.ID)) - client, ok := factory.endpointClients[key] - if !ok { - var err error - - client, err = factory.createCachedAdminKubeClient(endpoint) - if err != nil { - return nil, err - } - - factory.endpointClients[key] = client + // The lock was released before the client was created, + // so we need to check again + if c, ok := factory.endpointClients[key]; ok { + return c, nil } + factory.endpointClients[key] = client + return client, nil }