fix issue when webhook server refreshing cert

kubernetes-sigs · Dec 18, 2018 · e05117f · e05117f
1 parent b497fd5
commit e05117f
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/pkg/webhook/server.go b/pkg/webhook/server.go
@@ -27,6 +27,7 @@ import (
 
 	"k8s.io/apimachinery/pkg/runtime"
 	apitypes "k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/runtime/inject"
@@ -36,6 +37,8 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/types"
 )
 
+const defaultCertRefreshInterval = 6 * 30 * 24 * time.Hour
+
 // ServerOptions are options for configuring an admission webhook server.
 type ServerOptions struct {
 	// Port is the port number that the server will serve.
@@ -219,11 +222,9 @@ func (s *Server) run(stop <-chan struct{}) error {
 		errCh <- srv.ListenAndServeTLS(path.Join(s.CertDir, writer.ServerCertName), path.Join(s.CertDir, writer.ServerKeyName))
 	}
 
+	timer := time.Tick(wait.Jitter(defaultCertRefreshInterval, 0.1))
 	go serveFn()
 	for {
-		// TODO(mengqiy): add jitter to the timer
-		// Could use https://godoc.org/k8s.io/apimachinery/pkg/util/wait#Jitter
-		timer := time.Tick(6 * 30 * 24 * time.Hour)
 		select {
 		case <-timer:
 			changed, err := s.RefreshCert()
@@ -240,11 +241,16 @@ func (s *Server) run(stop <-chan struct{}) error {
 				log.Error(err, "encountering error when shutting down")
 				return err
 			}
+			timer = time.Tick(wait.Jitter(defaultCertRefreshInterval, 0.1))
 			go serveFn()
 		case <-stop:
 			return nil
 		case e := <-errCh:
-			return e
+			// Don't exit when getting an http.ErrServerClosed error.
+			// We will get this error each time we restart the server.
+			if e != http.ErrServerClosed {
+				return e
+			}
 		}
 	}
 }