Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Helm chart: controller.reportIngressStatus.leaderElectionLockName is not auto-generated #5389

Closed
1 task done
kyrofa opened this issue Apr 13, 2024 · 7 comments
Closed
1 task done

Helm chart: controller.reportIngressStatus.leaderElectionLockName is not auto-generated #5389

kyrofa opened this issue Apr 13, 2024 · 7 comments
Labels
backlog Pull requests/issues that are backlog items bug An issue reporting a potential bug documentation Pull requests/issues for documentation refined Issues that are ready to be prioritized

Comments

@kyrofa
Copy link

kyrofa commented Apr 13, 2024
edited by shaun-nx
Loading

The helm chart README contains the following line:

|controller.reportIngressStatus.leaderElectionLockName | Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. controller.reportIngressStatus.enableLeaderElection must be set to true. | Autogenerated |

And indeed, this needs to be auto-generated in order to support multiple ingress controllers in the same namespace. However, it's actually hard-coded in the values.yaml to nginx-ingress-leader, which means by default you cannot install multiple ingress controllers in the same namespace.

It does look like the nginx-ingress.leaderElectionName definition does actually support auto-generating it, but the fact that the value is hard-coded means it's not done by default.

I propose updating the the default leaderElectionLockName value to be an empty string so that the README is telling the truth.

Tasks
Beta Give feedback
  1. Ensure a unique lease object is created for each install of NIC via Helm #5388
    2 of 2
    backlog bug proposal refined
    jjngx shaun-nx
@github-actions GitHub Actions
Copy link

Hi @kyrofa thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!

@kyrofa kyrofa mentioned this issue Apr 13, 2024
Closed
@brianehlert
Copy link
Collaborator

brianehlert commented Apr 13, 2024
edited
Loading

Leader election lock name was invalidated when this project moved to using the leases API.
This bit of code causes two leader election methods to be active at the same time and thus causes inappropriate load on the K8s API.
The change that started this shift was released with 3.4
#4276

@kyrofa
Copy link
Author

kyrofa commented Apr 13, 2024

I'm not completely following. Are you saying we can actually remove this configmap altogether? Because the way it stands today, if you try to install two ingress controllers alongside each other, you get something along the lines of:

Error: rendered manifests contain a resource that already exists. Unable to continue with install: ConfigMap "nginx-ingress-leader" in namespace "nginx-ingress" exists and cannot be imported into the current release

@vepatel
Copy link
Contributor

vepatel commented Apr 15, 2024
edited
Loading

Hi @kyrofa, thanks for opening the issue. autogenerating name makes sense!

We're keeping the both objects i.e. old configmap and new lease type to provide some overlap after it was introduced in 3.4.0.

Now just leaving leaderElectionLockName as "" won't fix it as lease object directly reads it and doesn't have a template like configmap , so probably have to create a template like:

{{- if .Values.controller.reportIngressStatus.enableLeaderElection }}
apiVersion: coordination.k8s.io/v1
kind: Lease
metadata:
  name: {{ include "nginx-ingress.leaderElectionName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "nginx-ingress.labels" . | nindent 4 }}
{{- end }}

We will be talking about this issue in our next community call, please feel free to join us on 6th May 3pm GMT (Zoom details on home page)

kyrofa added a commit to kyrofa/kubernetes-ingress that referenced this issue Apr 15, 2024
@kyrofa
values: auto-generate leaderElectionLockName by default
dd8c35c 
The README claims that it's auto-generated today, but it's actually
hard-coded. By changing it to use an empty string by default, the
`nginx-ingress.leaderElectionName` helper will take care of
auto-generating it. Finally, make sure
`nginx-ingress.leaderElectionName` is used in the RBAC Role instead of
the hard-coded value.

Fix nginxinc#5389

Signed-off-by: Kyle Fazzari <kyrofa@ubuntu.com>
@danielnginx danielnginx added bug An issue reporting a potential bug documentation Pull requests/issues for documentation ready for refinement An issue that was triaged and it is ready to be refined labels May 7, 2024
@danielnginx
Copy link
Collaborator

We should implement #5388 before fixing this issue.

@ksemele
Copy link

ksemele commented Jun 11, 2024

+1 do you plan to resolve this task in nearest future?

@danielnginx danielnginx mentioned this issue Jul 23, 2024
Closed
@shaun-nx shaun-nx added backlog Pull requests/issues that are backlog items refined Issues that are ready to be prioritized and removed ready for refinement An issue that was triaged and it is ready to be refined labels Sep 2, 2024
@shaun-nx
Copy link
Contributor

Closing this issue
Fix addressed in #6372

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backlog Pull requests/issues that are backlog items bug An issue reporting a potential bug documentation Pull requests/issues for documentation refined Issues that are ready to be prioritized
Projects
NGINX Ingress Controller
Status: Done 🚀
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

values: auto-generate leaderElectionLockName by default kyrofa/kubernetes-ingress
6 participants
@kyrofa @brianehlert @ksemele @vepatel @shaun-nx @danielnginx