@aramase
Last active July 23, 2021 19:20
How to enable set-retry-after-header feature in aad-pod-identity v1.8.2

AAD Pod Identity v1.8.2-rc.0 adds a new feature flag that makes NMI set a Retry-After header in its error response. The error is returned only when the identity is still being assigned by NMI or no valid AzureAssignedIdentity has been found yet. This enables SDKs to retry based on the HTTP status code 503 and the Retry-After header.

When enabling this feature, explicitly disable the default retries in NMI and rely on the SDK for retries instead.

  1. Change the NMI image to mcr.microsoft.com/oss/azure/aad-pod-identity/nmi:v1.8.2-rc.0

https://github.com/Azure/aad-pod-identity/blob/9e31f9cc308e1c091da0557920fe13f74c8a1c43/deploy/infra/deployment-rbac.yaml#L478

  2. Append these args to the NMI container

https://github.com/Azure/aad-pod-identity/blob/9e31f9cc308e1c091da0557920fe13f74c8a1c43/deploy/infra/deployment-rbac.yaml#L479-L482

--set-retry-after-header=true

--retry-attempts-for-created=1

--retry-attempts-for-assigned=1

--find-identity-retry-interval=1

This forces NMI to return immediately with a Retry-After header of 20s.
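With NMI's own retries disabled, the caller has to honor the 503 and Retry-After itself. The sketch below is an added example, not code from this gist or from aad-pod-identity or any Azure SDK; the function names, the `Metadata: true` header, the 60s cap and the 20s fallback are assumptions made for illustration.

```python
import time
import urllib.error
import urllib.request
from email.utils import parsedate_to_datetime

DEFAULT_WAIT = 20.0  # assumption: fall back to the 20s this page mentions
MAX_WAIT = 60.0      # assumption: cap so a bad header cannot stall the caller

# Metadata traffic is link-local, so never send it through an HTTP proxy.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def retry_after_seconds(value, now=None):
    """Turn a Retry-After value (delta-seconds or HTTP-date) into a bounded wait."""
    if not value:
        return DEFAULT_WAIT
    try:
        wait = float(int(value.strip()))
    except ValueError:
        try:
            when = parsedate_to_datetime(value).timestamp()
        except (TypeError, ValueError):
            return DEFAULT_WAIT
        wait = when - (time.time() if now is None else now)
    return min(max(wait, 0.0), MAX_WAIT)


def fetch_token(url, max_attempts=5, sleep=time.sleep, open_fn=_opener.open):
    """GET url; on 503 wait as Retry-After says, then retry. Other errors propagate."""
    # Assumption: the endpoint expects the IMDS-style "Metadata: true" header.
    req = urllib.request.Request(url, headers={"Metadata": "true"})
    for attempt in range(1, max_attempts + 1):
        try:
            with open_fn(req, timeout=10) as resp:
                return resp.read()
        except urllib.error.HTTPError as err:
            # Only 503 signals "identity not assigned yet"; a 4xx will not heal.
            if err.code != 503 or attempt == max_attempts:
                raise
            sleep(retry_after_seconds(err.headers.get("Retry-After")))
```

Bounding `max_attempts` and the wait keeps a pod whose identity never gets assigned from retrying forever; the final 503 is raised to the caller so the failure is visible.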
