Support controllers leader election mode #1753
Comments
|
You'd need to set up the leader election bits, but it should be possible. Is there a particular reason you want to run >1 replica? For performance or for availability reasons? |
|
Hi @jaypipes once again. Yeah, in my case it's the company policy for reliability. I was looking through the code and the leader election code seems to be mostly there. It might be missing the key for the election and way to check whether we're running multiple replicas or not so the election is enabled or disabled correctly. Would you be against implementing this? I could also give it a shot if that's okay. Thanks for the swift reply, Jay! |
|
I've found there is a flag being set on https://github.com/aws-controllers-k8s/runtime/blob/main/pkg/config/config.go#L106 and all it takes is that flag to be set so it handles the leader election. From what I can tell, all it takes to support HA is:
Let me know what you think, @jaypipes . I will go ahead and create this PR so we have something to talk about =P. |
|
Done :) |
|
Hi @migueleliasweb , those helm configurations files are generated frequently, so we'll have to make changes https://github.com/aws-controllers-k8s/code-generator/tree/main/templates/helm instead :) Another thought is that i'm not sure whether passing |
|
Humm yeah I guess you're right... I've read a bit more about the leader election and the configuration that is missing. The controller runtime I wonder how could we make this change isolated to the ack IAM controller instead of enabling it at the same time for all controllers that pull code from that shared library. |
|
@migueleliasweb All the controllers already import |
jaypipes
changed the title
|
Issues go stale after 90d of inactivity. |
ack-prow
bot
added
the
lifecycle/stale
|
/lifecycle frozen |
ack-prow
bot
added
lifecycle/frozen
|
@migueleliasweb I have a patch that worked for lambda/dynamodb controllers aws-controllers-k8s/code-generator#455 - hoping to get it merged/released soon. |
Thank you for sharing this, it was helpful and interesting to read! controller-runtime hides a lot of the client-go options we only can configure those https://github.com/kubernetes-sigs/controller-runtime/blob/main/pkg/leaderelection/leader_election.go#L36-L52 |
|
I'm the one to should thank you, @a-hilaly , for actioning this so quickly! Btw, I reckon, under the hood the leader election relies on leases (https://kubernetes.io/docs/concepts/architecture/leases/) to get a "lock" and determine the leader. I don't know what Kubernetes version the ACK controllers aim to be deployable to but if the idea is to support the current EKS versions, this should be just fine ;). |
|
Yes, the default one currently is Leases, and before it used to be configMaps - I believe leases have been around for a few years now? safe to way we support all the 1.2x versions? |
|
Actually now thinking about it.. we will need leases read/write RBAC for controllers with this change |
a-hilaly
added
kind/feature
a-hilaly
changed the title
|
Also adding a new flag to be able to configure leader election namespace aws-controllers-k8s/runtime#123 |
|
/remove-lifecycle frozen |
ack-prow
bot
removed
the
lifecycle/frozen
Fixes (part of) aws-controllers-k8s/community#1753 This patch introduces a new `--leader-election-namespace` flag used to configure controller-runtime leaderElection componenet. This namespace is utilized by the controller to manage the `coordination.k8s.io/lease` obejct for leader election. In the context of the controller-runtime library, if the LeaderElectionNamespace parametere is not explicitly set, the library will automatically default its value to the content of the file mounted at /var/run/secrets/kubernetes.io/serviceaccount/namespace. > https://github.com/kubernetes-sigs/controller-runtime/blob/main/pkg/leaderelection/leader_election.go#L112-L127 In Kubernetes, when a pod is created, a service account is automatically associated with it, unless explicitly specified otherwise. This service account contains relevant information, such as the namespace in which the pod is deployed. The Kubernetes API server mounts a two files for the service account in the pod's filesystem at /var/run/secrets/kubernetes.io/serviceaccount/token and /var/run/secrets/kubernetes.io/serviceaccount/namespace, respectively. > https://github.com/kubernetes/kubernetes/blob/master/pkg/controller/serviceaccount/tokens_controller.go#L399-L402 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Issue: aws-controllers-k8s/community#1753 (comment) ACK controllers use k8s-sigs/controller-runtime behind the scenes, which support leader election. This feature is not properly working due to a missing configuration `LeaderElectionNamespace` which is used by the manager to create `k8s.io/coordination` Lease objects. This patch sets the default `LeaderElectionNamespace` to `ack-system` and adds the capability of enabling leader election using helm values. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. Co-authored-by: Adam Cornett <adc@redhat.com>
|
@migueleliasweb Leader election is implemented and we are currently in the process of releasing a new version for all the controllers to include this feature. |
|
released for all the controllers |
|
@a-hilaly: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
The Helm template seems to not allow such configuration. See: https://github.com/aws-controllers-k8s/iam-controller/blob/main/helm/templates/deployment.yaml#L14
Is there reason why wouldn't this controller work with multiple replicas?
The text was updated successfully, but these errors were encountered: