From ff5e0a361c7ec13238b17af1568d205fbf82b9c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Wed, 9 Nov 2022 12:37:00 +0100 Subject: [PATCH] feat: add flag to control leader election frequency (#5172) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: add flag to control leader election frequency Signed-off-by: Charles-Edouard Brétéché * changelog Signed-off-by: Charles-Edouard Brétéché Signed-off-by: Charles-Edouard Brétéché Signed-off-by: Charles-Edouard Brétéché Co-authored-by: shuting --- CHANGELOG.md | 1 + cmd/initContainer/main.go | 1 + cmd/kyverno/main.go | 3 +++ pkg/leaderelection/leaderelection.go | 10 ++++++---- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e080f40272c8..6ba14c6fefce 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ ### Note - Flag `autogenInternals` was removed, policy mutation has been removed. +- Flag `leaderElectionRetryPeriod` was added to control leader election renewal frequency (default value is `2s`). - Support upper case `Audit` and `Enforce` in `.spec.validationFailureAction` of the Kyverno policy, failure actions `audit` and `enforce` are deprecated and will be removed in `v1.11.0`. ## v1.8.1-rc3 diff --git a/cmd/initContainer/main.go b/cmd/initContainer/main.go index 5dacffc59515..4ec7e82b9813 100644 --- a/cmd/initContainer/main.go +++ b/cmd/initContainer/main.go @@ -174,6 +174,7 @@ func main() { config.KyvernoNamespace(), kubeClient, config.KyvernoPodName(), + leaderelection.DefaultRetryPeriod, run, nil, ) diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go index 46a129fa04e2..bb9ebbf1f76b 100644 --- a/cmd/kyverno/main.go +++ b/cmd/kyverno/main.go @@ -96,6 +96,7 @@ var ( backgroundScanWorkers int logFormat string dumpPayload bool + leaderElectionRetryPeriod time.Duration // DEPRECATED: remove in 1.9 splitPolicyReport bool ) @@ -130,6 +131,7 @@ func parseFlags() error { flag.BoolVar(&admissionReports, "admissionReports", true, "Enable or disable admission reports.") flag.IntVar(&reportsChunkSize, "reportsChunkSize", 1000, "Max number of results in generated reports, reports will be split accordingly if there are more results to be stored.") flag.IntVar(&backgroundScanWorkers, "backgroundScanWorkers", backgroundscancontroller.Workers, "Configure the number of background scan workers.") + flag.DurationVar(&leaderElectionRetryPeriod, "leaderElectionRetryPeriod", leaderelection.DefaultRetryPeriod, "Configure leader election retry period.") // DEPRECATED: remove in 1.9 flag.BoolVar(&splitPolicyReport, "splitPolicyReport", false, "This is deprecated, please don't use it, will be removed in v1.9.") if err := flag.Set("v", "2"); err != nil { @@ -658,6 +660,7 @@ func main() { config.KyvernoNamespace(), kubeClientLeaderElection, config.KyvernoPodName(), + leaderElectionRetryPeriod, func(ctx context.Context) { logger := logger.WithName("leader") // validate config diff --git a/pkg/leaderelection/leaderelection.go b/pkg/leaderelection/leaderelection.go index bc56faf01f35..50107f788e35 100644 --- a/pkg/leaderelection/leaderelection.go +++ b/pkg/leaderelection/leaderelection.go @@ -13,6 +13,8 @@ import ( "k8s.io/client-go/tools/leaderelection/resourcelock" ) +const DefaultRetryPeriod = 2 * time.Second + type Interface interface { // Run is a blocking call that runs a leader election Run(ctx context.Context) @@ -46,7 +48,7 @@ type config struct { log logr.Logger } -func New(log logr.Logger, name, namespace string, kubeClient kubernetes.Interface, id string, startWork func(context.Context), stopWork func()) (Interface, error) { +func New(log logr.Logger, name, namespace string, kubeClient kubernetes.Interface, id string, retryPeriod time.Duration, startWork func(context.Context), stopWork func()) (Interface, error) { lock, err := resourcelock.New( resourcelock.LeasesResourceLock, namespace, @@ -72,9 +74,9 @@ func New(log logr.Logger, name, namespace string, kubeClient kubernetes.Interfac e.leaderElectionCfg = leaderelection.LeaderElectionConfig{ Lock: e.lock, ReleaseOnCancel: true, - LeaseDuration: 15 * time.Second, - RenewDeadline: 10 * time.Second, - RetryPeriod: 2 * time.Second, + LeaseDuration: 6 * retryPeriod, + RenewDeadline: 5 * retryPeriod, + RetryPeriod: retryPeriod, Callbacks: leaderelection.LeaderCallbacks{ OnStartedLeading: func(ctx context.Context) { atomic.StoreInt64(&e.isLeader, 1)