From b4f2171810d316c1ed156f726f17864038cd92a4 Mon Sep 17 00:00:00 2001
From: Andreas Sommer
Date: Tue, 30 Jan 2024 12:55:56 +0100
Subject: [PATCH] Increase caching duration for DNS entries, CAPA: Skip reconciliation if paused annotation exists on `AWSCluster` object (#213)
---
 CHANGELOG.md | 1 +
 controllers/capa_controller.go | 6 ++++++
 pkg/aws/services/route53/route53.go | 8 +++++++-
 3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4afa5d02..0ab4d943 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 - List many hosted zones at once in one Route53 request and cache all returned zones. This reduces the number of Route53 requests and therefore avoids rate limit (throttling) errors.
+- CAPA: Skip reconciliation if paused annotation exists on `AWSCluster` object
 ## [0.23.2] - 2024-01-29
diff --git a/controllers/capa_controller.go b/controllers/capa_controller.go
index d80beff6..4e32724d 100644
--- a/controllers/capa_controller.go
+++ b/controllers/capa_controller.go
@@ -33,6 +33,7 @@ import (
 "k8s.io/apimachinery/pkg/util/yaml"
 "k8s.io/client-go/tools/record"
 capa "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
+ "sigs.k8s.io/cluster-api/util/annotations"
 "sigs.k8s.io/cluster-api/util/patch"
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/client"
@@ -77,6 +78,11 @@ func (r *CAPAClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 return ctrl.Result{}, microerror.Mask(client.IgnoreNotFound(err))
 }
+ if annotations.HasPaused(cluster) {
+ logger.Info("AWSCluster is marked as paused, skipping")
+ return ctrl.Result{}, nil
+ }
+
 awsClusterRoleIdentity := &capa.AWSClusterRoleIdentity{}
 err = r.Get(ctx, types.NamespacedName{Name: cluster.Spec.IdentityRef.Name}, awsClusterRoleIdentity)
 if err != nil {
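Review bot: The paused branch in Reconcile returns `ctrl.Result{}, nil` with no `RequeueAfter`, so a paused AWSCluster is only reconciled again when a new event for it arrives. The route53 comment in this same commit says the controller normally requeues every few minutes to update OIDC certificate thumbprints; that refresh stops while the annotation is present, and resuming depends on the annotation removal passing the controller's event predicates, which are not visible in this hunk. The check also consults only the AWSCluster's own annotation; if the owning Cluster's `spec.paused` should be honoured as well, `annotations.IsPaused` from the same package takes the owning Cluster too and covers both. A comment above the branch would record the intent, e.g. `// Paused: no requeue; reconciliation (incl. thumbprint refresh) resumes on the next AWSCluster event.` Reconcile's body starts and ends outside the hunk.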
diff --git a/pkg/aws/services/route53/route53.go b/pkg/aws/services/route53/route53.go
index 00f9ac0e..d49ebe47 100644
--- a/pkg/aws/services/route53/route53.go
+++ b/pkg/aws/services/route53/route53.go
@@ -51,7 +51,13 @@ func (s *Service) findHostedZone(zoneName string, public bool) (string, error) {
 }
 for _, zone := range listResponse.HostedZones {
- s.scope.Cache().Set(makeCacheKey(strings.TrimSuffix(*zone.Name, "."), !*zone.Config.PrivateZone), *zone.Id, 3*time.Minute)
+ s.scope.Cache().Set(
+ makeCacheKey(strings.TrimSuffix(*zone.Name, "."), !*zone.Config.PrivateZone),
+ *zone.Id,
+ // We requeue every few minutes to update OIDC certificate thumbprints (see controller code), and there's no
+ // reason to think that a DNS zone ID was changed/deleted for the purposes of irsa-operator. So cache results
+ // long enough to last 2 reconciliations (= cache longer than controller's requeue interval).
+ 7*time.Minute)
 }
 // We return the first zone found that matches the basename and is public or not according to the parameter.
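Review bot: The rewritten `Set(...)` call in the loop still dereferences `*zone.Name`, `*zone.Config.PrivateZone` and `*zone.Id` for every zone in `listResponse.HostedZones`, so a single returned zone with a nil `Config` or `PrivateZone` would panic the reconciler even when it is not the zone being looked up. A guard at the top of the loop body avoids that: `if zone.Name == nil || zone.Id == nil || zone.Config == nil || zone.Config.PrivateZone == nil { continue }`. Separately, `7*time.Minute` is tied to the controller's requeue interval only by the comment; a named constant declared next to that interval would keep the two from drifting apart. findHostedZone's body starts and ends outside the hunk.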