From 5fbba06228bef6c3abc17b36387ef5ee44963c44 Mon Sep 17 00:00:00 2001 From: Tom Pantelis Date: Tue, 10 Dec 2024 10:41:03 -0500 Subject: [PATCH] Use leader-with-lease based election in the operator ...instead of leader-for-life. The latter was implemented in the operator SDK early on before controller-runtime supported leader-with-lease. However leader-with-lease is the preferred method and leader-for-life is being proposed for deprecation (see https://github.com/operator-framework/operator-lib/issues/117). Signed-off-by: Tom Pantelis --- cmd/main.go | 11 +------ config/manager/manager.yaml | 4 +-- config/rbac/submariner-operator/role.yaml | 11 +++++++ pkg/embeddedyamls/yamls.go | 35 +++++++++++++++-------- 4 files changed, 37 insertions(+), 24 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index b8d0170d4..b87a725f2 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -25,7 +25,6 @@ import ( "runtime" configv1 "github.com/openshift/api/config/v1" - "github.com/operator-framework/operator-lib/leader" "github.com/submariner-io/admiral/pkg/log/kzerolog" "github.com/submariner-io/admiral/pkg/names" admversion "github.com/submariner-io/admiral/pkg/version" @@ -84,8 +83,7 @@ func main() { flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.StringVar(&pprofAddr, "pprof-bind-address", ":8082", "The address the profiling endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, - "Enable leader election for controller manager. "+ - "Enabling this will ensure there is only one active controller manager.") + "Enable leader election for the controller manager to ensure there is only one active instance.") kzerolog.AddFlags(nil) flag.Parse() @@ -121,13 +119,6 @@ func main() { ctx := ctrl.SetupSignalHandler() - // Become the leader before proceeding - err = leader.Become(ctx, "submariner-operator-lock") - if err != nil { - log.Error(err, "") - os.Exit(1) - } - // Set up the CRDs we need crdUpdater, err := crd.UpdaterFromRestConfig(cfg) if err != nil { diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index b336645d5..92d570c99 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -54,8 +54,8 @@ spec: image: controller:0.0.0 command: - submariner-operator - # args: - # - --enable-leader-election + args: + - --leader-elect imagePullPolicy: Always env: - name: WATCH_NAMESPACE diff --git a/config/rbac/submariner-operator/role.yaml b/config/rbac/submariner-operator/role.yaml index 91d88aed2..cca136ddf 100644 --- a/config/rbac/submariner-operator/role.yaml +++ b/config/rbac/submariner-operator/role.yaml @@ -93,3 +93,14 @@ rules: - servicediscoveries/finalizers verbs: - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - delete diff --git a/pkg/embeddedyamls/yamls.go b/pkg/embeddedyamls/yamls.go index d8c3679dd..260fd12ac 100644 --- a/pkg/embeddedyamls/yamls.go +++ b/pkg/embeddedyamls/yamls.go @@ -25,7 +25,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.5 name: brokers.submariner.io spec: group: submariner.io @@ -105,7 +105,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.5 name: submariners.submariner.io spec: group: submariner.io @@ -1118,7 +1118,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.5 name: servicediscoveries.submariner.io spec: group: submariner.io @@ -1277,7 +1277,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.5 name: clusters.submariner.io spec: group: submariner.io @@ -1348,7 +1348,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.5 name: endpoints.submariner.io spec: group: submariner.io @@ -1429,7 +1429,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.5 name: gateways.submariner.io spec: group: submariner.io @@ -1602,7 +1602,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.5 name: clusterglobalegressips.submariner.io spec: group: submariner.io @@ -1728,7 +1728,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.5 name: globalegressips.submariner.io spec: group: submariner.io @@ -1903,7 +1903,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.5 name: globalingressips.submariner.io spec: group: submariner.io @@ -2056,7 +2056,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.5 name: gatewayroutes.submariner.io spec: group: submariner.io @@ -2117,7 +2117,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.5 name: nongatewayroutes.submariner.io spec: group: submariner.io @@ -2178,7 +2178,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.5 name: routeagents.submariner.io spec: group: submariner.io @@ -2808,6 +2808,17 @@ rules: - servicediscoveries/finalizers verbs: - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - delete ` Config_rbac_submariner_operator_role_binding_yaml = `--- kind: RoleBinding