From d713683614fad5aa8cf6d3af467d81d4b6bdfda2 Mon Sep 17 00:00:00 2001
From: niusmallnan <niusmallnan@gmail.com>
Date: Thu, 14 May 2020 17:00:53 +0800
Subject: [PATCH] Add retry backoff for starting network-policy controller

Signed-off-by: niusmallnan <niusmallnan@gmail.com>
---
 pkg/agent/netpol/network_policy.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/pkg/agent/netpol/network_policy.go b/pkg/agent/netpol/network_policy.go
index a9ce693779..04b3cb9b53 100644
--- a/pkg/agent/netpol/network_policy.go
+++ b/pkg/agent/netpol/network_policy.go
@@ -8,8 +8,12 @@ import (
 
 	"github.com/rancher/k3s/pkg/daemons/config"
 	"github.com/sirupsen/logrus"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"
+	"k8s.io/client-go/util/retry"
 )
 
 func Run(ctx context.Context, nodeConfig *config.Node) error {
@@ -28,6 +32,21 @@ func Run(ctx context.Context, nodeConfig *config.Node) error {
 		return err
 	}
 
+	// retry backoff to wait for the clusterrolebinding of user "system:k3s-controller"
+	retryBackoff := wait.Backoff{
+		Steps:    6,
+		Duration: 100 * time.Millisecond,
+		Factor:   3.0,
+		Cap:      30 * time.Second,
+	}
+	retryErr := retry.OnError(retryBackoff, errors.IsForbidden, func() error {
+		_, err := client.NetworkingV1().NetworkPolicies("").List(ctx, metav1.ListOptions{})
+		return err
+	})
+	if retryErr != nil {
+		return retryErr
+	}
+
 	npc, err := NewNetworkPolicyController(ctx.Done(), client, time.Minute, nodeConfig.AgentConfig.NodeName)
 	if err != nil {
 		return err