Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes for usage of leader election #10

Merged
merged 3 commits into from
Jan 20, 2025
Merged

Fixes for usage of leader election #10

merged 3 commits into from
Jan 20, 2025

Conversation

benwh
Copy link

@benwh benwh commented Jan 20, 2025

We want to start using leader election, so that we can have multiple pods running, in order to serve webhooks reliably.

The functionality for this is already available, but there's some tweaks here to make it work.

Commits:

Add leases RBAC to base config

controller-runtime has migrated to the native lease object some time
ago, but this was missing in the manifests.

Resolves this error:

1 leaderelection.go:332] error retrieving resource lock theatre-system/workloads.crds.gocardless.com: leases.coordination.k8s.io "workloads.crds.gocardless.com" is forbidden: User "system:serviceaccount:theatre-system:theatre-workloads-manager" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "theatre-system"

Release leader election lease on shutdown

As per the documentation for this option, we can do this to speed up
lease transitions, given that in our codebase we only ever immediately
exit the process if the manager is cancelled.

Remove dangerous targets from Makefile

There's no reason to have these around any longer.

benwh added 3 commits January 20, 2025 18:19
@benwh
Add leases RBAC to base config
1b06a79 
controller-runtime has migrated to the native `lease` object some time
ago, but this was missing in the manifests.

Resolves this error:

```
1 leaderelection.go:332] error retrieving resource lock theatre-system/workloads.crds.gocardless.com: leases.coordination.k8s.io "workloads.crds.gocardless.com" is forbidden: User "system:serviceaccount:theatre-system:theatre-workloads-manager" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "theatre-system"
```
@benwh
Release leader election lease on shutdown
ecd7651 
As per the documentation for this option, we can do this to speed up
lease transitions, given that in our codebase we only ever immediately
exit the process if the manager is cancelled.
@benwh
Remove dangerous targets from Makefile
77fe83f 
There's no reason to have these around any longer.
mbarrin-incident
mbarrin-incident approved these changes Jan 20, 2025
View reviewed changes
Copy link

@mbarrin-incident mbarrin-incident left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@benwh benwh merged commit bcab438 into master Jan 20, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mbarrin-incident mbarrin-incident mbarrin-incident approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@benwh @mbarrin-incident