OCPBUGS-20056: EndpointAccessibleController: Retry the whole list endpoints and send request loop 3 times

[tchap]

The reason for this change is to get rid of intermittent Available=false, possibly even during upgrades.
This is achieved by retrying the whole fetch endpoints and send requests loop 3 times, including a short sleep between each attempt.

Mostly trying to improve CI, though. A failing job example.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci-robot]

@tchap: This pull request references Jira Issue OCPBUGS-20056, which is invalid:

• expected the bug to target the "4.22.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

The reason for this change is to get rid of intermittent Available=false, even during upgrades.
This is achieved by retrying the whole fetch endpoints and send requests loop 3 times, including a short sleep between each attempt.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0b0799fd-c4f9-44e2-ad85-57e4716df210

📥 Commits

Reviewing files that changed from the base of the PR and between 37b3d01 and ad9a720.

📒 Files selected for processing (2)

• pkg/libs/endpointaccessible/endpoint_accessible_controller.go
• pkg/libs/endpointaccessible/endpoint_accessible_controller_test.go

---

Walkthrough

Controller sync now retries full endpoint-list fetch plus parallel HTTP reachability checks up to configurable attempts with per-request context timeouts, retry intervals, and an injectable HTTP client; resync jitter base made configurable. Tests moved to in-process httptest servers and cover retry, stale-endpoint, and request-timeout scenarios.

Changes

Cohort / File(s)	Summary
Controller Implementation pkg/libs/endpointaccessible/endpoint_accessible_controller.go	Replaced hard-coded resync jitter with resyncInterval. Added overridable fields: httpClient, requestTimeout, retryInterval, attemptCount. Rewrote sync into a retry loop that re-fetches endpoints each attempt, applies per-request context timeouts, sleeps retryInterval between attempts, logs non-ResourceNotFound endpoint-list errors, short-circuits when at least one endpoint succeeds, and removed global http.Client timeout from TLS client construction.
Controller Tests pkg/libs/endpointaccessible/endpoint_accessible_controller_test.go	Renamed main test, switched from external URLs to httptest servers, and injects an explicit *http.Client. Added tests for retry on transient 500→200, stale-endpoint re-fetch behavior across retries, and per-request timeout enforcement using a hangingTransport. Introduced newSyncContext(t) and related test helpers.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[tchap]

/jira refresh

[openshift-ci-robot]

@tchap: This pull request references Jira Issue OCPBUGS-20056, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (ksiddiqu@redhat.com), skipping review request.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[tchap]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/libs/endpointaccessible/endpoint_accessible_controller.go`:
- Around line 142-153: The code currently returns the raw error when
c.endpointListFn() fails for non-NotFound cases, which bypasses the whole-cycle
retry/status update path; change the non-NotFound branch to mirror the NotFound
handling: build an OperatorStatus for c.availableConditionName with
ConditionFalse, set a Reason like "ListError" and the error text via
err.Error(), then call c.operatorClient.ApplyOperatorStatus(ctx,
c.controllerInstanceName, status) and return that result instead of returning
err directly so transient lister/cache failures update operator status and enter
the same retry path.
- Around line 112-119: The production path uses buildTLSClient() which
hard-codes Timeout: 5 * time.Second and thus overrides the computed
requestTimeout (default 10s) so client-level timeout wins and breaks
configurable retry behavior; fix by either removing the fixed Timeout in
buildTLSClient() to rely on context deadlines or change the call site (where
client is nil) to pass the computed requestTimeout into
buildTLSClient(requestTimeout) and apply that value to the client's Timeout;
update the buildTLSClient function signature and any callers to accept and use
requestTimeout (or remove the Timeout field entirely) so the requestTimeout
variable takes effect for production calls that create the http client.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: aabf9163-8091-402f-895c-249924e7eb8c

📥 Commits

Reviewing files that changed from the base of the PR and between 78d19ea and 795cde0.

📒 Files selected for processing (2)

• pkg/libs/endpointaccessible/endpoint_accessible_controller.go
• pkg/libs/endpointaccessible/endpoint_accessible_controller_test.go

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: tchap
Once this PR has been reviewed and has the lgtm label, please assign ibihim for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/libs/endpointaccessible/endpoint_accessible_controller.go`:
- Around line 145-148: The select that waits between retries currently ignores
the ctx.Done() branch and continues, so when ctx is canceled the controller
still runs another endpointListFn() and probe; update the select in the retry
loop inside the sync logic to exit the sync when ctx.Done() is selected (e.g.,
return from the enclosing function or break out of the retry loop) so that no
further endpointListFn() calls or probe passes occur after cancellation and you
don't immediately report EndpointUnavailable during shutdown.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a7514ce8-5dab-4adb-a476-6002444e71c1

📥 Commits

Reviewing files that changed from the base of the PR and between 795cde0 and 37b3d01.

📒 Files selected for processing (2)

• pkg/libs/endpointaccessible/endpoint_accessible_controller.go
• pkg/libs/endpointaccessible/endpoint_accessible_controller_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• pkg/libs/endpointaccessible/endpoint_accessible_controller_test.go

[openshift-ci]

@tchap: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-operator-parallel-ote	37b3d01	link	false	/test e2e-aws-operator-parallel-ote
ci/prow/e2e-aws-operator-serial-ote	37b3d01	link	false	/test e2e-aws-operator-serial-ote
ci/prow/e2e-aws-operator-encryption-kms-serial-ote-2of2	37b3d01	link	false	/test e2e-aws-operator-encryption-kms-serial-ote-2of2
ci/prow/e2e-agnostic	37b3d01	link	true	/test e2e-agnostic
ci/prow/e2e-aws-operator-encryption-perf-serial-ote-1of2	37b3d01	link	false	/test e2e-aws-operator-encryption-perf-serial-ote-1of2
ci/prow/e2e-aws-operator-encryption-kms-serial-ote-1of2	37b3d01	link	false	/test e2e-aws-operator-encryption-kms-serial-ote-1of2
ci/prow/e2e-aws-operator-encryption-perf-serial-ote-2of2	37b3d01	link	false	/test e2e-aws-operator-encryption-perf-serial-ote-2of2
ci/prow/e2e-aws-operator-encryption-serial-ote-2of2	37b3d01	link	false	/test e2e-aws-operator-encryption-serial-ote-2of2
ci/prow/e2e-aws-operator-encryption-serial-ote-1of2	37b3d01	link	false	/test e2e-aws-operator-encryption-serial-ote-1of2
ci/prow/e2e-aws-operator-encryption-rotation-serial-ote-1of2	37b3d01	link	false	/test e2e-aws-operator-encryption-rotation-serial-ote-1of2
ci/prow/e2e-aws-operator-encryption-rotation-serial-ote-2of2	37b3d01	link	false	/test e2e-aws-operator-encryption-rotation-serial-ote-2of2

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci-robot]

@tchap: This pull request references Jira Issue OCPBUGS-20056, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (ksiddiqu@redhat.com), skipping review request.

Details

In response to this:

The reason for this change is to get rid of intermittent Available=false, possibly even during upgrades.
This is achieved by retrying the whole fetch endpoints and send requests loop 3 times, including a short sleep between each attempt.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[tchap]

Not 100% sure about these values. It effectively means there is an inertial of 40 seconds before an actual Available=false issue surfaces. But there is always a trade-off.