Description
In #848 we had introduced a 5 second wait till Image Pull Secrets are injected into ServiceAccount or not. This was intended to avoid a race condition where the deployment is created before the secret is attached, leading to an unnecessary rollout/update.
Current Logic
- If the ServiceAccount has no
imagePullSecrets and it's still within the 5 seconds since its creation, then reconciliation is retried
- If the ServiceAccount has no
imagePullSecrets and it's past 5 seconds since its creation, then we assume secret is added.
|
if infrastructure.IsOpenShift() { |
|
if len(serviceAccount.ImagePullSecrets) == 0 && serviceAccount.CreationTimestamp.Add(pullSecretCreationTimeout).After(time.Now()) { |
|
return nil, &dwerrors.RetryError{Message: "Waiting for image pull secrets"} |
|
} |
|
} |
The 5-second window may not be enough on some clusters (e.g., under load or with slower control planes).
Acceptance Criteria
Description
In #848 we had introduced a 5 second wait till Image Pull Secrets are injected into ServiceAccount or not. This was intended to avoid a race condition where the deployment is created before the secret is attached, leading to an unnecessary rollout/update.
Current Logic
imagePullSecretsand it's still within the 5 seconds since its creation, then reconciliation is retriedimagePullSecretsand it's past 5 seconds since its creation, then we assume secret is added.devworkspace-operator/pkg/provision/workspace/pull_secret.go
Lines 72 to 76 in 4c53baa
The 5-second window may not be enough on some clusters (e.g., under load or with slower control planes).
Acceptance Criteria