⚠ Change leaderlock from ConfigMap to ConfigMapsLeasesResourceLock #1144

alvaroaleman · 2020-08-29T19:45:25Z

This commit changes the leaderlock to ConfigMapsLeasesResourceLock,
which is intended to transition ppl from the ConfigMap to the more
modern Leases. It is breaking because additional RBAC is required.

Related issue is #460

PRing this now because this change is breaking, so must happen before we cut 0.7.0. Adding an option to override the default is non-breaking, so not as important to happen ASAP.

/assign @vincepri

This commit changes the leaderlock to ConfigMapsLeasesResourceLock, which is intended to transition ppl from the ConfigMap to the more modern Leases. It is breaking because additional RBAC is required.

k8s-ci-robot · 2020-08-29T19:45:35Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alvaroaleman

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [alvaroaleman]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

alvaroaleman · 2020-08-29T19:55:20Z

/retest

vincepri · 2020-08-31T14:17:14Z

Do we need a related change in controller-tools for RBAC?

vincepri · 2020-08-31T14:20:12Z

pkg/manager/manager_test.go

+			// We must keep this default until we are sure all controller-runtime users have upgraded from the original default
+			// ConfigMap lock to a controller-runtime version that has this new default. Many users of controller-runtime skip


How are we going to track this for all our users? We could maybe say that v0.7.x is going to be the last release to default to ConfigMap locks, and going forward there is going to be a breaking change that user need to take into account.

The change can be part of upgrading and should be very explicit in release notes.

The MultiLock we set up requires both a ConfigMap and a Lease. It is intended for transitions. I would like to start using this ASAP (so in v0.7, not later), because we will have to default to this for a very long time, until we are sure everyone had a c-r release that had the MultiLock. Othewise we can break users in a subtile way if their controller suddenly used a Lease but not a ConfigMap anymore, resulting in two leaders existing at the same time.

We also want to allow ppl to explicitly configure a different strategy if they know that all their users had a release with the MultiLock. However the default here has to be like this for a long time (certainly more than release, I would say at least a year after the first c-r release that has this change).

alvaroaleman · 2020-08-31T14:36:48Z

Do we need a related change in controller-tools for RBAC?

I don't know? I've never used it to generate rbac. Do you use it for that?

vincepri

/lgtm
/milestone v0.7.x

vincepri · 2020-08-31T14:54:48Z

@alvaroaleman I'll report back on the RBAC changes once we start testing it in Cluster API, I don't think there is any immediate change, but if there is some, we'll have to propagate in controller-tools and kubebuilder later

Bump controller-runtime to 0.7 and k8s.io dependencies to v.0.19.2 * Update leader election role to have permission for leases.coordination.k8s.io instead of ConfigMap. Related controller runtime change: kubernetes-sigs/controller-runtime#1144 * Use client.Object instead of runtime.Object in controller runtime helper methods. A number of controller runtime methods that previously took runtime.Object & internally type-asserted them to metav1.Object now take client.Object and client.ObjectList. Related controller runtime change: kubernetes-sigs/controller-runtime#1195 * Update how envTest starts the test manager since Manager.Start() now takes context instead of a channel

Prep code for supporting k8s 1.21: * Add context.Context parameter to Reconcile() functions [1] * Add RBAC get/create/update coordination.k8s.io/v1 Leases (replacing a configmap for leader election locks) [2] * Adapt event handler code to reflect simplification [3] * Adapt to apimachinery/pkg/runtime Log deprecation (replaced with pkg/client Log) [4] * client.Object is preferred in favor of runtime.Object (v0.7.0 release) [5] * Use admission/v1 instead of v1beta1 for webhook requests [6] [1] - kubernetes-sigs/controller-runtime#1054 [2] - kubernetes-sigs/controller-runtime#1144 [3] - kubernetes-sigs/controller-runtime#1119 [4] - kubernetes-sigs/controller-runtime#1105 [5] - kubernetes-sigs/controller-runtime#898 kubernetes-sigs/controller-runtime#1118 [6] - kubernetes-sigs/controller-runtime#1284 kubernetes-sigs/controller-runtime@a32b29d Signed-off-by: Angel Misevski <amisevsk@redhat.com>

⚠ Change leaderlock from ConfigMap to ConfigMapsLeasesResourceLock

87cb1aa

This commit changes the leaderlock to ConfigMapsLeasesResourceLock, which is intended to transition ppl from the ConfigMap to the more modern Leases. It is breaking because additional RBAC is required.

k8s-ci-robot assigned vincepri Aug 29, 2020

k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Aug 29, 2020

k8s-ci-robot requested review from mengqiy and shawn-hurley August 29, 2020 19:45

k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Aug 29, 2020

vincepri reviewed Aug 31, 2020

View reviewed changes

vincepri approved these changes Aug 31, 2020

View reviewed changes

k8s-ci-robot added this to the v0.7.x milestone Aug 31, 2020

k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 31, 2020

k8s-ci-robot merged commit 4717461 into kubernetes-sigs:master Aug 31, 2020

timebertt mentioned this pull request Sep 1, 2020

✨ Make leader election resourcelock configurable #1147

Merged

timebertt mentioned this pull request Dec 21, 2020

☂️-Issue for upgrading to k/*@v0.19 and controller-runtime@v0.7 gardener/gardener#3109

Closed

xrstf mentioned this pull request Dec 21, 2020

Update to controller-runtime 0.7.0 kubermatic/machine-controller#863

Merged

ChunyiLyu mentioned this pull request Jan 5, 2021

Bump controller-runtime to 0.7 and k8s.io dependencies to v.0.19.2 rabbitmq/cluster-operator#542

Merged

charith-elastic mentioned this pull request Jan 26, 2021

Switch leader election to use Leases elastic/cloud-on-k8s#4150

Closed

hasheddan mentioned this pull request Jan 27, 2021

Give Crossplane and installed providers access to Lease API for leader election crossplane/crossplane#2102

Merged

2 tasks

timebertt mentioned this pull request Jan 29, 2021

Vendor dependencies gardener-attic/gardener-resource-manager#105

Merged

hakman mentioned this pull request Mar 3, 2021

Only update kops-controller pods on deletion kubernetes/kops#10871

Merged

wallrj mentioned this pull request Mar 25, 2021

Upgrade to controller-runtime 0.8.3 cert-manager/sample-external-issuer#9

Merged

irbekrm mentioned this pull request May 12, 2021

Update to k8s 1.21.0 tool chain cert-manager/cert-manager#3926

Merged

github-actions bot mentioned this pull request Nov 20, 2021

feat: ✨ added helm ci/cd workflow dannylongeuay/do-infra#5

Merged

Madhu-1 mentioned this pull request Apr 11, 2022

rbd: use leases for leader election ceph/ceph-csi#3011

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

⚠ Change leaderlock from ConfigMap to ConfigMapsLeasesResourceLock #1144

⚠ Change leaderlock from ConfigMap to ConfigMapsLeasesResourceLock #1144

alvaroaleman commented Aug 29, 2020

k8s-ci-robot commented Aug 29, 2020

alvaroaleman commented Aug 29, 2020

vincepri commented Aug 31, 2020

vincepri Aug 31, 2020

alvaroaleman Aug 31, 2020 •

edited

alvaroaleman commented Aug 31, 2020

vincepri left a comment

vincepri commented Aug 31, 2020

		// We must keep this default until we are sure all controller-runtime users have upgraded from the original default
		// ConfigMap lock to a controller-runtime version that has this new default. Many users of controller-runtime skip

⚠ Change leaderlock from ConfigMap to ConfigMapsLeasesResourceLock #1144

⚠ Change leaderlock from ConfigMap to ConfigMapsLeasesResourceLock #1144

Conversation

alvaroaleman commented Aug 29, 2020

k8s-ci-robot commented Aug 29, 2020

alvaroaleman commented Aug 29, 2020

vincepri commented Aug 31, 2020

vincepri Aug 31, 2020

Choose a reason for hiding this comment

alvaroaleman Aug 31, 2020 • edited

Choose a reason for hiding this comment

alvaroaleman commented Aug 31, 2020

vincepri left a comment

Choose a reason for hiding this comment

vincepri commented Aug 31, 2020

alvaroaleman Aug 31, 2020 •

edited