diff --git a/pkg/cmd/controller/interfaces.go b/pkg/cmd/controller/interfaces.go index e9d7edab8..a31955e6e 100644 --- a/pkg/cmd/controller/interfaces.go +++ b/pkg/cmd/controller/interfaces.go @@ -94,6 +94,16 @@ func NewControllerContext( return nil, err } + // Create a new clientConfig for high rate limit workloads. + // Increase kube QPS to at least 100 QPS, burst to at least 200 QPS. + highRateLimitClientConfig := rest.CopyConfig(inClientConfig) + if highRateLimitClientConfig.QPS < 100 { + highRateLimitClientConfig.QPS = 100 + } + if highRateLimitClientConfig.Burst < 200 { + highRateLimitClientConfig.Burst = 200 + } + openshiftControllerContext := &ControllerContext{ OpenshiftControllerConfig: config, @@ -105,6 +115,14 @@ func NewControllerContext( Namespace: defaultOpenShiftInfraNamespace, }, }, + HighRateLimitClientBuilder: OpenshiftControllerClientBuilder{ + ControllerClientBuilder: controller.SAControllerClientBuilder{ + ClientConfig: rest.AnonymousClientConfig(highRateLimitClientConfig), + CoreClient: kubeClient.CoreV1(), + AuthenticationClient: kubeClient.AuthenticationV1(), + Namespace: defaultOpenShiftInfraNamespace, + }, + }, KubernetesInformers: informers.NewSharedInformerFactory(kubeClient, defaultInformerResyncPeriod), OpenshiftConfigKubernetesInformers: informers.NewSharedInformerFactoryWithOptions(kubeClient, defaultInformerResyncPeriod, informers.WithNamespace("openshift-config")), ControllerManagerKubeInformers: informers.NewSharedInformerFactoryWithOptions(kubeClient, defaultInformerResyncPeriod, informers.WithNamespace("openshift-controller-manager")), @@ -154,6 +172,9 @@ type ControllerContext struct { // ClientBuilder will provide a client for this controller to use ClientBuilder ControllerClientBuilder + // HighRateLimitClientBuilder will provide a client for this controller utilizing a higher rate limit. + // This will have a rate limit of at least 100 QPS, with a burst up to 200 QPS. + HighRateLimitClientBuilder ControllerClientBuilder KubernetesInformers informers.SharedInformerFactory OpenshiftConfigKubernetesInformers informers.SharedInformerFactory diff --git a/pkg/cmd/controller/serviceaccount.go b/pkg/cmd/controller/serviceaccount.go index 2b8ba1888..215964f2a 100644 --- a/pkg/cmd/controller/serviceaccount.go +++ b/pkg/cmd/controller/serviceaccount.go @@ -43,7 +43,10 @@ func RunServiceAccountController(ctx *ControllerContext) (bool, error) { } func RunServiceAccountPullSecretsController(ctx *ControllerContext) (bool, error) { - kc := ctx.ClientBuilder.ClientOrDie(iInfraServiceAccountPullSecretsControllerServiceAccountName) + // Bug 1785023: Increase the rate limit for the SA Pull Secrets controller. + // The pull secrets controller needs to create new dockercfg secrets at the same rate as the + // upstream token secret controller. + kc := ctx.HighRateLimitClientBuilder.ClientOrDie(iInfraServiceAccountPullSecretsControllerServiceAccountName) go serviceaccountcontrollers.NewDockercfgDeletedController( ctx.KubernetesInformers.Core().V1().Secrets(),