Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

perf: validate credentials and check apiserver connectivity before starting kubelet #5982

Open
wants to merge 21 commits into
base: master
Choose a base branch
from
Open

perf: validate credentials and check apiserver connectivity before starting kubelet #5982

wants to merge 21 commits into from

Conversation

cameronmeissner
Copy link
Collaborator

@cameronmeissner cameronmeissner commented Mar 4, 2025
edited
Loading

What type of PR is this?

What this PR does / why we need it:

we recently discovered that in cases where the kubelet tries to begin bootstrapping its client credential before its bootstrap token has been installed into the running control plane, kubelet will attempt to retry bootstrapping with a very aggressive exponential backoff which ends up causing node registration to be unnecessarily delayed

this PR adds a new script which is responsible for validating that kubelet's credential, whether that be a kubeconfig or bootstrap-kubeconfig, is valid and can be used to successfully authenticate with the apiserver via kubectl auth whoami. this script will be run as a further ExecStartPre specified within the kubelet.service unit file.

we already validate that the apiserver is up and reachable before starting kubelet to ensure that we avoid falling into the same trap of kubelet's backoff loop

Which issue(s) this PR fixes:

Fixes #

Requirements:

Special notes for your reviewer:

Release note:

none

@cameronmeissner cameronmeissner changed the title perf: validate credentials before starting kubelet to reduce startup latency perf: validate credentials and check apiserver connectivity before starting kubelet Mar 6, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 6, 2025

No changes to cached containers or packages on Windows VHDs

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 8, 2025

No changes to cached containers or packages on Windows VHDs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djsly djsly djsly left review comments

@Devinwong Devinwong Awaiting requested review from Devinwong Devinwong is a code owner

@lilypan26 lilypan26 Awaiting requested review from lilypan26 lilypan26 is a code owner

@r2k1 r2k1 Awaiting requested review from r2k1 r2k1 is a code owner

@timmy-wright timmy-wright Awaiting requested review from timmy-wright timmy-wright is a code owner

@juan-lee juan-lee Awaiting requested review from juan-lee juan-lee is a code owner

@UtheMan UtheMan Awaiting requested review from UtheMan UtheMan is a code owner

@ganeshkumarashok ganeshkumarashok Awaiting requested review from ganeshkumarashok ganeshkumarashok is a code owner

@anujmaheshwari1 anujmaheshwari1 Awaiting requested review from anujmaheshwari1 anujmaheshwari1 is a code owner

@AlisonB319 AlisonB319 Awaiting requested review from AlisonB319 AlisonB319 is a code owner

@AbelHu AbelHu Awaiting requested review from AbelHu AbelHu is a code owner

@junjiezhang1997 junjiezhang1997 Awaiting requested review from junjiezhang1997 junjiezhang1997 is a code owner

@jason1028kr jason1028kr Awaiting requested review from jason1028kr jason1028kr is a code owner

@phealy phealy Awaiting requested review from phealy phealy is a code owner

@zachary-bailey zachary-bailey Awaiting requested review from zachary-bailey zachary-bailey is a code owner

@bravebeaver bravebeaver Awaiting requested review from bravebeaver bravebeaver is a code owner

@smith1511 smith1511 Awaiting requested review from smith1511 smith1511 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cameronmeissner @djsly