Restarts KES while deploying prow

Prow now authenticates with build clusters with tokens that are valid for 2 days. The token is refreshed by a prow job https://prow.k8s.io/?type=periodic&job=ci-test-infra-gencred-refresh-kubeconfig and stores in GCP secret manager, KES is responsible for syncing the secrets into prow. Have observed KES being flaky at time to time, generally more than 10 days after the KES pods started running. See kubernetes#24869 (comment) This is a temporary solution aim to mitigate the issue of long running KES pods
chaodaiG · Jun 6, 2022 · 5224fa5 · 5224fa5
1 parent 7d6aa45
commit 5224fa5
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/config/prow/Makefile b/config/prow/Makefile
@@ -35,6 +35,11 @@ deploy-prow: get-cluster-credentials
 	kubectl apply --server-side=true -f ./cluster/prowjob-crd/prowjob_customresourcedefinition.yaml
 	kubectl apply -f ./cluster/
 
+	# Temporary solution for working around the issue of KES being flaky, see
+	# https://github.com/kubernetes/test-infra/issues/24869#issuecomment-1147530320.
+	# TODO(chaodaiG): remove this once the above issue is fixed.
+	kubectl rollout restart deployment kubernetes-external-secrets
+
 deploy-build: get-build-cluster-credentials
 	kubectl apply -f ./cluster/build/