From e8e5598381de2584d8fdb1053a84986ad358df44 Mon Sep 17 00:00:00 2001 From: Adam Kaplan Date: Mon, 30 Mar 2020 13:26:55 -0400 Subject: [PATCH] Bug 1785023: Increase pull secrets controller QPS to 100 Increase the k8s client QPS limit to 100, 200 burst for the service account pull secrets controller. This ensures that pull secrets for the registry are created as quickly as the tokens are generated. --- pkg/cmd/controller/interfaces.go | 21 +++++++++++++++++++++ pkg/cmd/controller/serviceaccount.go | 5 ++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/pkg/cmd/controller/interfaces.go b/pkg/cmd/controller/interfaces.go index e9d7edab8..a31955e6e 100644 --- a/pkg/cmd/controller/interfaces.go +++ b/pkg/cmd/controller/interfaces.go @@ -94,6 +94,16 @@ func NewControllerContext( return nil, err } + // Create a new clientConfig for high rate limit workloads. + // Increase kube QPS to at least 100 QPS, burst to at least 200 QPS. + highRateLimitClientConfig := rest.CopyConfig(inClientConfig) + if highRateLimitClientConfig.QPS < 100 { + highRateLimitClientConfig.QPS = 100 + } + if highRateLimitClientConfig.Burst < 200 { + highRateLimitClientConfig.Burst = 200 + } + openshiftControllerContext := &ControllerContext{ OpenshiftControllerConfig: config, 
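Review bot: The QPS/Burst floor applied to `highRateLimitClientConfig` is silently ineffective if `inClientConfig.RateLimiter` is non-nil, because `rest.CopyConfig` carries that field over and client-go prefers an explicit `RateLimiter` over `QPS`/`Burst`. Whether the caller ever sets one is not visible in this hunk. Either clear it on the copy with `highRateLimitClientConfig.RateLimiter = nil`, or state in the comment that the input config is assumed to have none. The literals `100` and `200` relax a throttle that protects the API server, so they would be easier to audit as named package constants. NewControllerContext starts and ends outside the hunk.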
@@ -105,6 +115,14 @@ func NewControllerContext( Namespace: defaultOpenShiftInfraNamespace, }, }, + HighRateLimitClientBuilder: OpenshiftControllerClientBuilder{ + ControllerClientBuilder: controller.SAControllerClientBuilder{ + ClientConfig: rest.AnonymousClientConfig(highRateLimitClientConfig), + CoreClient: kubeClient.CoreV1(), + AuthenticationClient: kubeClient.AuthenticationV1(), + Namespace: defaultOpenShiftInfraNamespace, + }, + }, KubernetesInformers: informers.NewSharedInformerFactory(kubeClient, defaultInformerResyncPeriod), OpenshiftConfigKubernetesInformers: informers.NewSharedInformerFactoryWithOptions(kubeClient, defaultInformerResyncPeriod, informers.WithNamespace("openshift-config")), ControllerManagerKubeInformers: informers.NewSharedInformerFactoryWithOptions(kubeClient, defaultInformerResyncPeriod, informers.WithNamespace("openshift-controller-manager")), @@ -154,6 +172,9 @@ type ControllerContext struct { // ClientBuilder will provide a client for this controller to use ClientBuilder ControllerClientBuilder + // HighRateLimitClientBuilder will provide a client for this controller utilizing a higher rate limit. + // This will have a rate limit of at least 100 QPS, with a burst up to 200 QPS. + HighRateLimitClientBuilder ControllerClientBuilder KubernetesInformers informers.SharedInformerFactory OpenshiftConfigKubernetesInformers informers.SharedInformerFactory diff --git a/pkg/cmd/controller/serviceaccount.go b/pkg/cmd/controller/serviceaccount.go index 2b8ba1888..215964f2a 100644 --- a/pkg/cmd/controller/serviceaccount.go +++ b/pkg/cmd/controller/serviceaccount.go 
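Review bot: `HighRateLimitClientBuilder` repeats the `SAControllerClientBuilder` literal and, as far as the context lines show, differs from the existing builder only in `ClientConfig`; the head of that existing entry is outside the hunk. A small local helper that takes the `*rest.Config` and returns the `OpenshiftControllerClientBuilder` would keep `CoreClient`, `AuthenticationClient` and `Namespace` from drifting between the two. A short comment would also help reviewers, for example `// Credentials are stripped by AnonymousClientConfig; only the rate limit differs from ClientBuilder.` That makes clear the new builder grants a higher request rate and no additional privilege.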
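Review bot: The field comment on `HighRateLimitClientBuilder` says "burst up to 200 QPS", but the constructor enforces a floor rather than a cap, and burst is a request count, not a rate. The same unit slip is in the comment added in NewControllerContext ("burst to at least 200 QPS"). Suggested wording: `// Clients built from it use a QPS of at least 100 and a burst of at least 200 requests.` Because this builder loosens the client-side throttle toward the API server, the comment could also say it is intended only for controllers that must keep pace with token creation, so new callers do not adopt it by default.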
@@ -43,7 +43,10 @@ func RunServiceAccountController(ctx *ControllerContext) (bool, error) { } func RunServiceAccountPullSecretsController(ctx *ControllerContext) (bool, error) { - kc := ctx.ClientBuilder.ClientOrDie(iInfraServiceAccountPullSecretsControllerServiceAccountName) + // Bug 1785023: Increase the rate limit for the SA Pull Secrets controller. + // The pull secrets controller needs to create new dockercfg secrets at the same rate as the + // upstream token secret controller. + kc := ctx.HighRateLimitClientBuilder.ClientOrDie(iInfraServiceAccountPullSecretsControllerServiceAccountName) go serviceaccountcontrollers.NewDockercfgDeletedController( ctx.KubernetesInformers.Core().V1().Secrets(),
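Review bot: The new comment justifies the higher limit only for creating dockercfg secrets, but `kc` is presumably handed to every controller started in this function. Only the start of the `NewDockercfgDeletedController` call is visible, and the body continues outside the hunk. If so, all of them run at the raised limit, and the comment should say that, e.g. `// kc is shared by the pull-secret controllers below; each inherits the raised QPS/burst.` Since the write rate here follows service account creation, it would also help to note which client-throttling or API-server request metric operators should watch to confirm the new limit is not overloading the API server.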