Skip to content

Using leader election with webhook manager #356

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
SchSeba opened this issue Mar 11, 2019 · 9 comments · Fixed by #424
Closed

Using leader election with webhook manager #356

SchSeba opened this issue Mar 11, 2019 · 9 comments · Fixed by #424
Labels
kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Milestone
0.2.0

Comments

@SchSeba
Copy link

SchSeba commented Mar 11, 2019

When we create a manager with leader election and a webhook only one manager start but looking into the service the manger creates for the webhook he add all the pod.

Proposed solution:

Use the label statefulset.kubernetes.io/pod-name= for the webhook service and when the election change update the service label(or recreate the service)

More general solution can be to have a general label like controller-leader and just update the leader pod with this label.
@DirectXMan12
Copy link
Contributor

So, we shouldn't do that, since webhooks support active-active HA quite easily. It should be possible to start the webhook server without starting the controllers. For that we probably need the concept of things which are active-passive vs active-active.

@mengqiy FYI

@DirectXMan12
Copy link
Contributor

/kind bug
/priority important-soon

This is something we intended to work properly, but doesn't, so I'm treating it as a bug here.

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Mar 11, 2019
@DirectXMan12 DirectXMan12 added this to the 0.2.0 milestone Mar 11, 2019
@pytimer
Copy link

pytimer commented Apr 3, 2019
edited
Loading

@DirectXMan12 I have the problem similar to @SchSeba said, but i use Deployment to deploy manager in Kubernetes cluster. I add a readinessProbe in manager yaml, below is my yaml:

name: manager
readinessProbe:
  tcpSocket:
    port: 9876
  initialDelaySeconds: 5
  periodSeconds: 10
  successThreshold: 1
  failureThreshold: 3
  timeoutSeconds: 2

This's works ok for me, but i see manager have the http: TLS handshake error from 10.244.3.1:47680: EOF log every 10 seconds, so i want to use httpGet instead of tcpSocket, but i have no idea how to setting.

Can we add a health check api in webhook, and user can add readinessProbe in manager.yaml when use leader election?

@DirectXMan12
Copy link
Contributor

that's a different issue, but yeah, we definitely want to support registering generic health checks, etc.

@pytimer
Copy link

pytimer commented Apr 6, 2019
edited
Loading

@DirectXMan12 If use leader election with manager, the service will add all pods, but only one pod can works. So i add a health check to listen webhook port.

That's good If it support health checks, but before support health checks, i maybe needs above method, otherwise the service connection refused. If you know other ways to solve it, hope you can tell me, thanks.

Are there any related documents or links about health checks?

@lilic
Copy link

lilic commented Apr 8, 2019

So, we shouldn't do that, since webhooks support active-active HA quite easily. It should be possible to start the webhook server without starting the controllers. For that we probably need the concept of things which are active-passive vs active-active.

@DirectXMan12 So we want to start the webhooks and managers everywhere, and not let the leader election block it. But let the non-leader ones be passive. IIUC?

@SchSeba
Copy link
Author

SchSeba commented Apr 8, 2019

maybe we can implement it in a different way.

if we want only the leader to be active for the webhook we can create the service with a special label and when we took the leader it will update the pod with the relevant label?

@DirectXMan12
Copy link
Contributor

Basically:

Start the manager everywhere. For most (I'd hazard all, but you never know) you want the webhook to be active on every replica (webhooks are almost always stateless), but you want the controllers to only be active on the leader replica.

@mengqiy mengqiy mentioned this issue May 21, 2019
Merged
@mengqiy
Copy link
Member

mengqiy commented May 21, 2019

Closing by #424

@mengqiy mengqiy closed this as completed May 21, 2019
@vincent-pli vincent-pli mentioned this issue Sep 15, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Projects
None yet
Milestone
0.2.0
Development

Successfully merging a pull request may close this issue.

support non leader election components mengqiy/controller-runtime
6 participants
@DirectXMan12 @mengqiy @SchSeba @lilic @pytimer @k8s-ci-robot