Revision 08d9fa30ab1192324c340392a1276e074c10527e authored by David Bimmler on 28 November 2022, 14:15:22 UTC, committed by Paul Chaignon on 14 December 2022, 12:07:43 UTC
[ upstream commit ffef1a85efe7f472b4d8f210cfd35e292d98be4a ] While a 404 Not Found or a 409 Conflict can be considered successful interactions with the k8s API, a blanket accept for all 4xx codes is problematic. Since LastSuccessInteraction is exclusively used as an optimisation, we should err on the cautious side: accept the potential increase in heartbeats to avoid missing being unable to effecticely communicate with the k8s API. As an example of how this can go wrong, in #20915 we have an issue around receiving 401 Unauthorized from the EKS control plane. At sufficient scale, we never see a need to run the heartbeat. Running the heartbeat, however, would close and reopen the connections on receiving a 401, and thus restore connectivity to the k8s API. We currently only use the LastSuccessInteraction to as an optimisation to not perform unnecessary k8s API heartbeats, this "metric" (possibly a misnomer) is not used or exposed and changing its semantics is acceptable. Fixes: f2998b0cc472290ec64068ec15510608778fb431 Signed-off-by: David Bimmler <david.bimmler@isovalent.com> Co-authored-by: Sebastian Wicki <gandro@gmx.net> Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
1 parent 552872f
.gitignore
# Compiled Object files, Static and Dynamic libs (Shared Objects)
*.o
*.a
*.so
*.so.*
# LLVM IR files
*.ll
*.ll-*
# Folders
_obj
_test
_build/
# Architecture specific extensions/prefixes
*.cgo1.go
*.cgo2.c
_cgo_defun.c
_cgo_gotypes.go
_cgo_export.*
_testmain.go
*.exe
*.test
*.prof
*.swn
*.swp
.vagrant
vagrant.kubeconfig
coverage.out
coverage-all.out
coverage-all.html
coverage-all-tmp.out
.DS_Store
.idea/
.vscode/
*.plist
*_bash_completion
*.swo
outgoing
*cscope.files
*cscope.out
*cscope.in.out
*cscope.po.out
*tags
.gdb_history
man/
tests/cilium-files
test/test_results*
test/.vagrant
test/tmp.yaml
test/*_manifest.yaml
test/*.xml
test/*.json
test/*.log
test/bpf/_results
test/cilium-[0-9a-f]*.yaml
test/*tmp
test/cilium-istioctl
# generated test files
test/k8sT/manifests/cnp-second-namespaces.yaml
test/cilium.conf.ginkgo
external-workload-ca.crt
external-workload-tls.crt
external-workload-tls.key
# GKE temporary files
test/gke/cluster-name
test/gke/cluster-uri
test/gke/cluster-version
test/gke/gke-kubeconfig
test/gke/resize-kubeconfig
test/gke/registry-adder.yaml
# Emacs backup files
*~
# generated from make targets
*.ok
*.build_all
LICENSE.all
# Temporary files that allow build containers/VMs work without git
# Not to be ignored by docker.
GIT_VERSION
# The following files get created during image builds
.buildx
.buildx_builder
# Local developer config to be executed in the dev VM and CI VMs started locally
.devvmrc
# Generated dockerignore files
images/*/Dockerfile.dockerignore
Computing file changes ...
