Configure max retries

Signed-off-by: Alvaro Neira Ayuso <[email protected]>

cmd/controller/main.go

@@ -58,6 +58,8 @@ func bindControllerFlags(f *controller.Flags, fs *flag.FlagSet) {
 
 	fs.DurationVar(&f.KeyRenewPeriod, "rotate-period", defaultKeyRenewPeriod, "")
 	_ = fs.MarkDeprecated("rotate-period", "please use key-renew-period instead")
+
+	fs.IntVar(&f.MaxRetries, "max-retries", 5, "Max retries.")
 }
 
 func bindFlags(f *controller.Flags, fs *flag.FlagSet, gofs *goflag.FlagSet) {

helm/sealed-secrets/templates/deployment.yaml

@@ -145,6 +145,10 @@ spec:
             - --listen-metrics-addr
             - {{ printf ":%s" (.Values.containerPorts.metrics | toString) }}
             {{- end }}
+            {{- if .Values.maxRetries }}
+            - --max-retries
+            - {{ .Values.maxRetries | quote }}
+            {{- end }}
           {{- end }}
           image: {{ printf "%s/%s:%s" .Values.image.registry .Values.image.repository .Values.image.tag }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}

helm/sealed-secrets/values.yaml

@@ -112,6 +112,9 @@ logLevel: ""
 ## @param logFormat Specifies log format (text,json)
 ##
 logFormat: ""
+## @param maxRetries Number of maximum retries
+##
+maxRetries: ""
 ## @param command Override default container command
 ##
 command: []

pkg/controller/controller.go

@@ -38,8 +38,6 @@ import (
 )
 
 const (
-	maxRetries = 5
-
 	// SuccessUnsealed is used as part of the Event 'reason' when
 	// a SealedSecret is unsealed successfully.
 	SuccessUnsealed = "Unsealed"
@@ -60,6 +58,8 @@ const (
 var (
 	// ErrCast happens when a K8s any type cannot be casted to the expected type.
 	ErrCast = errors.New("cast error")
+
+	maxRetries = 5
 )
 
 // Controller implements the main sealed-secrets-controller loop.
@@ -77,7 +77,7 @@ type Controller struct {
 }
 
 // NewController returns the main sealed-secrets controller loop.
-func NewController(clientset kubernetes.Interface, ssclientset ssclientset.Interface, ssinformer ssinformer.SharedInformerFactory, sinformer informers.SharedInformerFactory, keyRegistry *KeyRegistry) (*Controller, error) {
+func NewController(clientset kubernetes.Interface, ssclientset ssclientset.Interface, ssinformer ssinformer.SharedInformerFactory, sinformer informers.SharedInformerFactory, keyRegistry *KeyRegistry, maxRetriesConfig int) (*Controller, error) {
 	queue := workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter())
 
 	utilruntime.Must(ssscheme.AddToScheme(scheme.Scheme))
@@ -102,6 +102,8 @@ func NewController(clientset kubernetes.Interface, ssclientset ssclientset.Inter
 		}
 	}
 
+	maxRetries = maxRetriesConfig
+
 	return &Controller{
 		ssInformer:  ssInformer,
 		sInformer:   sInformer,

pkg/controller/main.go

@@ -55,6 +55,7 @@ type Flags struct {
 	LogFormat             string
 	PrivateKeyAnnotations string
 	PrivateKeyLabels      string
+	MaxRetries            int
 }
 
 func initKeyPrefix(keyPrefix string) (string, error) {
@@ -267,7 +268,7 @@ func Main(f *Flags, version string) error {
 func prepareController(clientset kubernetes.Interface, namespace string, tweakopts func(*metav1.ListOptions), f *Flags, ssclientset versioned.Interface, keyRegistry *KeyRegistry) (*Controller, error) {
 	sinformer := initSecretInformerFactory(clientset, namespace, tweakopts, f.SkipRecreate)
 	ssinformer := ssinformers.NewFilteredSharedInformerFactory(ssclientset, 0, namespace, tweakopts)
-	controller, err := NewController(clientset, ssclientset, ssinformer, sinformer, keyRegistry)
+	controller, err := NewController(clientset, ssclientset, ssinformer, sinformer, keyRegistry, f.MaxRetries)
 	return controller, err
 }