Increase caching duration for DNS entries, CAPA: Skip reconciliation …

…if paused annotation exists on `AWSCluster` object (#213)
giantswarm · Jan 30, 2024 · b4f2171 · b4f2171
1 parent 8cb16c9
commit b4f2171
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 
 - List many hosted zones at once in one Route53 request and cache all returned zones. This reduces the number of Route53 requests and therefore avoids rate limit (throttling) errors.
+- CAPA: Skip reconciliation if paused annotation exists on `AWSCluster` object
 
 ## [0.23.2] - 2024-01-29
 

diff --git a/controllers/capa_controller.go b/controllers/capa_controller.go
@@ -33,6 +33,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/yaml"
 	"k8s.io/client-go/tools/record"
 	capa "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
+	"sigs.k8s.io/cluster-api/util/annotations"
 	"sigs.k8s.io/cluster-api/util/patch"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -77,6 +78,11 @@ func (r *CAPAClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		return ctrl.Result{}, microerror.Mask(client.IgnoreNotFound(err))
 	}
 
+	if annotations.HasPaused(cluster) {
+		logger.Info("AWSCluster is marked as paused, skipping")
+		return ctrl.Result{}, nil
+	}
+
 	awsClusterRoleIdentity := &capa.AWSClusterRoleIdentity{}
 	err = r.Get(ctx, types.NamespacedName{Name: cluster.Spec.IdentityRef.Name}, awsClusterRoleIdentity)
 	if err != nil {

diff --git a/pkg/aws/services/route53/route53.go b/pkg/aws/services/route53/route53.go
@@ -51,7 +51,13 @@ func (s *Service) findHostedZone(zoneName string, public bool) (string, error) {
 	}
 
 	for _, zone := range listResponse.HostedZones {
-		s.scope.Cache().Set(makeCacheKey(strings.TrimSuffix(*zone.Name, "."), !*zone.Config.PrivateZone), *zone.Id, 3*time.Minute)
+		s.scope.Cache().Set(
+			makeCacheKey(strings.TrimSuffix(*zone.Name, "."), !*zone.Config.PrivateZone),
+			*zone.Id,
+			// We requeue every few minutes to update OIDC certificate thumbprints (see controller code), and there's no
+			// reason to think that a DNS zone ID was changed/deleted for the purposes of irsa-operator. So cache results
+			// long enough to last 2 reconciliations (= cache longer than controller's requeue interval).
+			7*time.Minute)
 	}
 
 	// We return the first zone found that matches the basename and is public or not according to the parameter.