kubernetes-ingress Ensure a unique `lease` object is created for each install of NIC via Helm

~~Remove -leader-election-lock-name and related configmap leader election maintenance code. -enable-leader-election moved to the leases API multiple releases ago.~~

~~If a customer enables lease election and defines leader-election-lock-name they actually end up activating both the leases API code and the older configmap based lease management code.~~

### UACs:
- [ ] Update `_helper.tpl` to only generate the name of the lease
- [ ] Update `charts/nginx-ingress/templates/controller-role.yaml` to use `nginx-ingress.leaderElectionName` instead of `.Values.controller.reportIngressStatus.leaderElectionLockName`
- [ ] Remove `.Values.controller.reportIngressStatus.leaderElectionLockName` from `values.yaml`
- [ ] Delete `charts/nginx-ingress/templates/controller-leader-election-configmap.yaml` as it is no longer needed

Changes required for fulfil requirements

Update _helper.tpl to only generate the name:

Before:

{{- define "nginx-ingress.leaderElectionName" -}}
{{- if .Values.controller.reportIngressStatus.leaderElectionLockName -}}
{{ .Values.controller.reportIngressStatus.leaderElectionLockName }}
{{- else -}}
{{- printf "%s-%s" (include "nginx-ingress.fullname" .) "leader-election" -}}
{{- end -}}
{{- end -}}

After:

 {{- define "nginx-ingress.leaderElectionName" -}}
 {{- printf "%s-%s" (include "nginx-ingress.fullname" .) "leader-election" -}}
 {{- end -}}

Update charts/nginx-ingress/templates/controller-role.yaml to use nginx-ingress.leaderElectionName instead of .Values.controller.reportIngressStatus.leaderElectionLockName

Before:

   resources:
   - leases
   resourceNames:
   - {{ .Values.controller.reportIngressStatus.leaderElectionLockName }}

After:

   resources:
   - leases
   resourceNames:
   - {{ include "nginx-ingress.leaderElectionName" . }}

Remove .Values.controller.reportIngressStatus.leaderElectionLockName from values.yaml

Tested two deployments in the same namespace:

k get leases.coordination.k8s.io
NAME                                                   HOLDER                                                            AGE
leader-election-test-1-nginx-ingress-leader-election   leader-election-test-1-nginx-ingress-controller-75ff476494lbmnc   8m14s
leader-election-test-2-nginx-ingress-leader-election   leader-election-test-2-nginx-ingress-controller-7785c4fbc4qbckk   2s

k get deploy | grep leader-election
leader-election-test-1-nginx-ingress-controller   1/1     1            1           8m30s
leader-election-test-2-nginx-ingress-controller   1/1     1            1           17s

Apr 13 '24 00:04 brianehlert

guess this is for 3.7.0 as the change was introduced in 3.4.0? https://github.com/nginxinc/kubernetes-ingress/pull/4276/files#diff-43f7b0ca4debd314bccac5167f596b1394e23a307451e41d93ddb422c66c7d9c

Also lock name is still required but the name should be exclusively that of lease object not the configMap

Apr 15 '24 11:04 vepatel

References: https://github.com/nginxinc/kubernetes-ingress/issues/5389

Jul 23 '24 09:07 danielnginx

kubernetes-ingress kubernetes-ingress copied to clipboard

Ensure a unique `lease` object is created for each install of NIC via Helm

kubernetes-ingress
kubernetes-ingress copied to clipboard