From e05117f6eb2fdf2fa160734e42276ce4f2acdbb1 Mon Sep 17 00:00:00 2001
From: Mengqi Yu
Date: Tue, 18 Dec 2018 13:21:02 -0800
Subject: [PATCH] fix issue when webhook server refreshing cert
---
 pkg/webhook/server.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/pkg/webhook/server.go b/pkg/webhook/server.go
index 6724cee8db..b1ff978f4f 100644
--- a/pkg/webhook/server.go
+++ b/pkg/webhook/server.go
@@ -27,6 +27,7 @@ import (
 "k8s.io/apimachinery/pkg/runtime"
 apitypes "k8s.io/apimachinery/pkg/types"
+ "k8s.io/apimachinery/pkg/util/wait"
 "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/manager"
 "sigs.k8s.io/controller-runtime/pkg/runtime/inject"
@@ -36,6 +37,8 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/webhook/types"
 )
+const defaultCertRefreshInterval = 6 * 30 * 24 * time.Hour
+
 // ServerOptions are options for configuring an admission webhook server.
 type ServerOptions struct {
 // Port is the port number that the server will serve.
@@ -219,11 +222,9 @@ func (s *Server) run(stop <-chan struct{}) error {
 errCh <- srv.ListenAndServeTLS(path.Join(s.CertDir, writer.ServerCertName), path.Join(s.CertDir, writer.ServerKeyName))
 }
+ timer := time.Tick(wait.Jitter(defaultCertRefreshInterval, 0.1))
 go serveFn()
 for {
- // TODO(mengqiy): add jitter to the timer
- // Could use https://godoc.org/k8s.io/apimachinery/pkg/util/wait#Jitter
- timer := time.Tick(6 * 30 * 24 * time.Hour)
 select {
 case <-timer:
 changed, err := s.RefreshCert()
@@ -240,11 +241,16 @@ func (s *Server) run(stop <-chan struct{}) error {
 log.Error(err, "encountering error when shutting down")
 return err
 }
+ timer = time.Tick(wait.Jitter(defaultCertRefreshInterval, 0.1))
 go serveFn()
 case <-stop:
 return nil
 case e := <-errCh:
- return e
+ // Don't exit when getting an http.ErrServerClosed error.
+ // We will get this error each time we restart the server.
+ if e != http.ErrServerClosed {
+ return e
+ }
 }
 }
 }
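Review bot: `defaultCertRefreshInterval` is added without a comment and is not tied to the lifetime of the serving certificate it refreshes. `6 * 30 * 24 * time.Hour` is about 180 days, and `wait.Jitter(d, 0.1)` only lengthens it (up to roughly 198 days), so a certificate valid for less than that would be served past expiry until the next tick. Certificate generation is not visible in this patch, so confirm the validity period it uses. A comment such as `// defaultCertRefreshInterval is how often the serving certificate is re-checked; it must stay well below the certificate's validity period.` would record the constraint.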
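Review bot: `time.Tick` returns only the channel, so the ticker created by `timer := time.Tick(...)` can never be stopped, and the last hunk assigns a fresh one to `timer` after every certificate reload. On Go versions before 1.23 each abandoned ticker stays alive for the life of the process. The six-month period makes the cost small, but `t := time.NewTicker(...)` with `defer t.Stop()` and `t.Reset(...)` after a reload keeps the lifetime explicit. The body of `run` starts and ends outside this hunk.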
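Review bot: Ignoring `http.ErrServerClosed` in the `errCh` case also hides a restart that never came up. An `http.Server` cannot be reused after `Shutdown`, and `ListenAndServeTLS` on it returns `ErrServerClosed` immediately. The construction of `srv` is outside this hunk; if `serveFn` closes over a single instance, the second `go serveFn()` exits at once and the loop drops the error, leaving the webhook not listening with nothing logged. Admission requests would then fail or be skipped, depending on the webhook's failure policy. Build a new `http.Server` before each `go serveFn()`, and log the ignored error, for example `log.Info("webhook server closed for certificate reload")`.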