From 61c33124f87b9ed8b3864fcb9d250d48a055dd6e Mon Sep 17 00:00:00 2001 From: Jintao Zhang Date: Fri, 24 Jun 2022 01:27:53 +0800 Subject: [PATCH 1/2] feat: migrate leaderelection lock to leases Signed-off-by: Jintao Zhang --- internal/ingress/controller/status.go | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/internal/ingress/controller/status.go b/internal/ingress/controller/status.go index 7b90594a92..a56a6b8318 100644 --- a/internal/ingress/controller/status.go +++ b/internal/ingress/controller/status.go @@ -93,12 +93,24 @@ func setupLeaderElection(config *leaderElectionConfig) { Host: hostname, }) - lock := resourcelock.ConfigMapLock{ - ConfigMapMeta: metav1.ObjectMeta{Namespace: k8s.IngressPodDetails.Namespace, Name: config.ElectionID}, - Client: config.Client.CoreV1(), - LockConfig: resourcelock.ResourceLockConfig{ - Identity: k8s.IngressPodDetails.Name, - EventRecorder: recorder, + objectMeta := metav1.ObjectMeta{Namespace: k8s.IngressPodDetails.Namespace, Name: config.ElectionID} + resourceLockConfig := resourcelock.ResourceLockConfig{ + Identity: k8s.IngressPodDetails.Name, + EventRecorder: recorder, + } + + // TODO: If we upgrade client-go to v0.24 then we can only use LeaseLock. + // MultiLock is used for lock's migration + lock := resourcelock.MultiLock{ + Primary: &resourcelock.ConfigMapLock{ + ConfigMapMeta: objectMeta, + Client: config.Client.CoreV1(), + LockConfig: resourceLockConfig, + }, + Secondary: &resourcelock.LeaseLock{ + LeaseMeta: objectMeta, + Client: config.Client.CoordinationV1(), + LockConfig: resourceLockConfig, }, } From 62a876a80875d53756b0831f03d518295f76f9f8 Mon Sep 17 00:00:00 2001 From: Shafeeque E S Date: Mon, 3 Jan 2022 12:10:18 +0530 Subject: [PATCH 2/2] Update RBAC --- charts/ingress-nginx/templates/clusterrole.yaml | 7 +++++++ .../ingress-nginx/templates/controller-role.yaml | 15 +++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/charts/ingress-nginx/templates/clusterrole.yaml b/charts/ingress-nginx/templates/clusterrole.yaml index c093f048a0..0e725ec06c 100644 --- a/charts/ingress-nginx/templates/clusterrole.yaml +++ b/charts/ingress-nginx/templates/clusterrole.yaml @@ -29,6 +29,13 @@ rules: verbs: - list - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch {{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }} - apiGroups: - "" diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml index 47bbc32d00..8e5f8a0d7b 100644 --- a/charts/ingress-nginx/templates/controller-role.yaml +++ b/charts/ingress-nginx/templates/controller-role.yaml @@ -73,6 +73,21 @@ rules: - configmaps verbs: - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - {{ .Values.controller.electionID }} + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - "" resources: