🐛 Support running alongside other Cluster API pods in the same namespace with leader election enabled #273
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
size/XS
|
Hi @noamran. Thanks for your PR. I'm waiting for a kubernetes-sigs or kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
main.go
Outdated
| @@ -103,6 +103,7 @@ func main() { | |||
| Scheme: scheme, | |||
| MetricsBindAddress: metricsAddr, | |||
| LeaderElection: enableLeaderElection, | |||
| LeaderElectionID: "controller-leader-election-helper-cabpk", | |||
There was a problem hiding this comment.
Non-blocking but it would be nice to make this into a constant
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: noamran, vincepri The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
I don't believe so, since it is scoped to a namespace (We can set ctrl.Options.LeaderElectionNamespace It looks like we can just set ctrl.Options.LeaderElectionNamespace to watchNamespace, since controller-runtime handles defaulting if it is "": https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/leaderelection/leader_election.go#L61-L67 |
|
Do you think it makes more sense to match the configmap's namespace to the pod's namespace or the watchNamespace? I guess I would expect it to match the pod. |
Maybe... This would be the default semantics today based on using the in cluster client for getting the Namespace. |
|
Using watchNamespace is nice, since we know the user is specifically limiting the watchNamespace to a single Namespace, but it also then possibly exposes the leader election configmap to users, which might not be desirable... That said, I wouldn't expect users to override the namespace for the Deployment unless they knew they wanted to run multiple controllers scoped down to a single namespace... |
|
I would recommend (ordered by preference, high to low):
And 💯 that users 99.999% of the time don't need to know about the leader election namespace, or need to customize it. |
This exposes a similar footgun to overriding
This exposes a similar footgun to overriding Another question I just thought of: Do we ever think it should be possible to deploy multiple CABPK( or any Cluster API controller) in the same namespace with different |
|
Should we move this conversation to an issue? I'd propose to merge this change as-is given that we're planning to release CABPK today, and explore different options (as outlined above) in a new issue, possibly making it consistent for all of CAP* projects. How does that sound? |
|
Yeah, I don't think we should expose any of this as flags. I think including the watchNamespace in the name of the configmap could be a slippery slope - what if the watchNamespace's length is 250 characters (with the max being 253)? Then we can't have both +1 to merging as-is (pending @detiber's suggestion to remove |
|
So, the tricky part is that any change to the leaderElectionID and/or leaderElectionNamespace is a dangerous change... The release note should include: Otherwise there will be competing controllers using different resource locks during the course of the deployment. I think we should be careful to limit these types of disruptive changes. If we are going to release today, then we should likely not include this change, or we should be good with the naming/namespacing convention we choose for at least a few releases. |
|
@noamran FYI, the title of the PR is used in the release notes. I would recommend retitling to something like "Support running alongside other Cluster API pods in the same namespace with leader election enabled" |
noamran
changed the title
|
LGTM. Could you please squash down to 1 commit? |
Co-Authored-By: Jason DeTiberus <[email protected]>
|
/lgtm |
What this PR does / why we need it:
Currently
LeaderElectionIDis set to the defaultcontroller-leader-election-helper. This causes an issue when several Cluster API pods are deployed in the same namespace. Adding a unique ID per service should resolve this.Which issue(s) this PR fixes :
Fixes #271