m/n/kubernetes: run reconciler before starting more services
This makes sure we successfully ran the reconciler at least once before
attempting to running more than the apiserver. It saves us from a whole
bunch of services complaining about not having the right permissions to
(yet) access the cluster.
Change-Id: I605eae9d6bbcc16a9dcb971caa26ee56a06e5d5b
Reviewed-on: https://review.monogon.dev/c/monogon/+/1358
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI
diff --git a/metropolis/node/kubernetes/reconciler/reconciler.go b/metropolis/node/kubernetes/reconciler/reconciler.go
index 1828060..dfbb42d 100644
--- a/metropolis/node/kubernetes/reconciler/reconciler.go
+++ b/metropolis/node/kubernetes/reconciler/reconciler.go
@@ -126,24 +126,30 @@
}
}
-func Run(clientSet kubernetes.Interface) supervisor.Runnable {
+func ReconcileAll(ctx context.Context, clientSet kubernetes.Interface) error {
+ resources := allResources(clientSet)
+ for name, resource := range resources {
+ err := reconcile(ctx, resource)
+ if err != nil {
+ return fmt.Errorf("resource %s: %w", name, err)
+ }
+ }
+ return nil
+}
+
+func Maintain(clientSet kubernetes.Interface) supervisor.Runnable {
return func(ctx context.Context) error {
log := supervisor.Logger(ctx)
- resources := allResources(clientSet)
- t := time.NewTicker(10 * time.Second)
- reconcileAll := func() {
- for name, resource := range resources {
- if err := reconcile(ctx, resource); err != nil {
- log.Warningf("Failed to reconcile built-in resources %s: %v", name, err)
- }
- }
- }
supervisor.Signal(ctx, supervisor.SignalHealthy)
- reconcileAll()
+ t := time.NewTicker(10 * time.Second)
+ defer t.Stop()
for {
select {
case <-t.C:
- reconcileAll()
+ err := ReconcileAll(ctx, clientSet)
+ if err != nil {
+ log.Warning(err)
+ }
case <-ctx.Done():
return nil
}