Add leader election code to MIC #277
Conversation
kkmsft
requested review from
cpuguy83 and
aramase
and removed request for
cpuguy83
kkmsft
changed the title
|
Ran 10 of 10 Specs in 2939.239 seconds |
kkmsft
force-pushed
the
leader_election
branch
2 times, most recently
from
f4f27b3
to
4c928bb
Compare
kkmsft
changed the title
cmd/mic/main.go
Outdated
| ) | ||
|
|
||
| func main() { | ||
| defer glog.Flush() | ||
| hostName, err := os.Hostname() | ||
| if err != nil { | ||
| glog.Fatalf("Get hostname failure.") |
There was a problem hiding this comment.
Need to include the error in the err msg
cmd/mic/main.go
Outdated
| flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to the kube config") | ||
| flag.StringVar(&cloudconfig, "cloudconfig", "", "Path to cloud config e.g. Azure.json file") | ||
| flag.BoolVar(&forceNamespaced, "forceNamespaced", false, "Forces namespaced identities, binding, and assignment") | ||
| flag.BoolVar(&versionInfo, "version", false, "Prints the version information") | ||
| flag.DurationVar(&syncRetryDuration, "syncRetryDuration", 3600*time.Second, "The interval in seconds at which sync loop should periodically check for errors and reconcile.") | ||
|
|
||
| // Leader election parameters | ||
| flag.StringVar(&leaderElectionCfg.ResourceName, "leader-election-name", hostName, "leader name. default is 'hostname'") | ||
| flag.StringVar(&leaderElectionCfg.Namespace, "leader-election-namespace", "default", "name space to create leader election objects. default is 'default' namesapce") |
There was a problem hiding this comment.
We don't need to explicitly say the default value in the usage. Since the default value is defined, pflag will show that in the output.
For instance -
-syncRetryDuration duration
The interval in seconds at which sync loop should periodically check for errors and reconcile. (default 1h0m0s)
| serviceAccountName: aad-pod-id-mic-service-account | ||
| containers: | ||
| - name: mic | ||
| image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.3" |
There was a problem hiding this comment.
Image should be 1.5-rc1 image here instead of 1.3
| name: iptableslock | ||
| containers: | ||
| - name: nmi | ||
| image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.4" |
There was a problem hiding this comment.
Image should be 1.5-rc1 instead of 1.4
| name: iptableslock | ||
| containers: | ||
| - name: nmi | ||
| image: "mcr.microsoft.com/k8s/aad-pod-identity/nmi:master" |
There was a problem hiding this comment.
@kkmsft looks like the image version is still master here?
| spec: | ||
| containers: | ||
| - name: mic | ||
| image: "mcr.microsoft.com/k8s/aad-pod-identity/mic:master" |
There was a problem hiding this comment.
@kkmsft looks like the image version is still master here instead of rc?
pkg/mic/mic.go
Outdated
| Identity: c.ResourceName, | ||
| EventRecorder: recorder}) | ||
| if err != nil { | ||
| glog.Errorf("Resource lock creation for leadeer election failed with error : %v", err) |
| } | ||
|
|
||
| leaderElector, err = leaderelection.NewLeaderElector(config) | ||
| if err != nil { |
There was a problem hiding this comment.
We can skip the err != nil check here and return from here
| @@ -140,6 +140,9 @@ rules: | |||
| - apiGroups: [""] | |||
| resources: ["events"] | |||
| verbs: ["create", "patch"] | |||
| - apiGroups: [""] | |||
| resources: ["endpoints"] | |||
| verbs: ["create", "get", "list", "watch", "update", "patch"] | |||
There was a problem hiding this comment.
Why do we need create, update and patch?
There was a problem hiding this comment.
hmm we need create and get for sure, the rest i am not so sure about.
cmd/mic/main.go
Outdated
| flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to the kube config") | ||
| flag.StringVar(&cloudconfig, "cloudconfig", "", "Path to cloud config e.g. Azure.json file") | ||
| flag.BoolVar(&forceNamespaced, "forceNamespaced", false, "Forces namespaced identities, binding, and assignment") | ||
| flag.BoolVar(&versionInfo, "version", false, "Prints the version information") | ||
| flag.DurationVar(&syncRetryDuration, "syncRetryDuration", 3600*time.Second, "The interval in seconds at which sync loop should periodically check for errors and reconcile.") | ||
|
|
||
| // Leader election parameters | ||
| flag.StringVar(&leaderElectionCfg.ResourceName, "leader-election-name", hostName, "leader name. default is 'hostname'") |
There was a problem hiding this comment.
default shouldn't be host name, default should be a well known string. Mic pods will get different host names.
There was a problem hiding this comment.
isn't that for ID ? Shouldn't the resource name be unique ?
There was a problem hiding this comment.
leaderElectionCfg.ResourceName throw me off. i thought it is for endpoint name, not for the identity of the leader. Let us try to avoid the same for future users.
- rename the field ResourceName to leader identity or something of that sort.
- rename field
IDtoIdentity
There was a problem hiding this comment.
ResourceName ==> Instance
ID ==> Name
cmd/mic/main.go
Outdated
| flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to the kube config") | ||
| flag.StringVar(&cloudconfig, "cloudconfig", "", "Path to cloud config e.g. Azure.json file") | ||
| flag.BoolVar(&forceNamespaced, "forceNamespaced", false, "Forces namespaced identities, binding, and assignment") | ||
| flag.BoolVar(&versionInfo, "version", false, "Prints the version information") | ||
| flag.DurationVar(&syncRetryDuration, "syncRetryDuration", 3600*time.Second, "The interval in seconds at which sync loop should periodically check for errors and reconcile.") | ||
|
|
||
| // Leader election parameters | ||
| flag.StringVar(&leaderElectionCfg.ResourceName, "leader-election-name", hostName, "leader name. default is 'hostname'") | ||
| flag.StringVar(&leaderElectionCfg.Namespace, "leader-election-namespace", "default", "name space to create leader election objects. default is 'default' namesapce") |
There was a problem hiding this comment.
nit namespace not name space
| } | ||
| leaderElector, err := c.NewLeaderElector(clientSet, recorder, leaderElectionConfig) | ||
| if err != nil { | ||
| return nil, err |
| @@ -140,6 +140,9 @@ rules: | |||
| - apiGroups: [""] | |||
| resources: ["events"] | |||
| verbs: ["create", "patch"] | |||
| - apiGroups: [""] | |||
| resources: ["endpoints"] | |||
| verbs: ["create", "get", "list", "watch", "update", "patch"] | |||
There was a problem hiding this comment.
hmm we need create and get for sure, the rest i am not so sure about.
| OnStoppedLeading: func() { | ||
| glog.Errorf("Lost Leader Lease") | ||
| glog.Flush() | ||
| os.Exit(1) |
There was a problem hiding this comment.
nit the case of log line consistent. don't use title case, and generally avoid caps all together.
There was a problem hiding this comment.
Changed. Only first one is caps now.
| @@ -0,0 +1,208 @@ | |||
| apiVersion: v1 | |||
There was a problem hiding this comment.
Why do we have these new files, are they new?
There was a problem hiding this comment.
right now the deployment file (https://github.com/Azure/aad-pod-identity/blob/master/deploy/infra/deployment-rbac.yaml) under the infra has the extra parameter with the binary name, because of a bug in the Docker packaging which we fixed later. That file needs to be remain as is so that anyone using the stable images can use that deployment file. These file contains the right yaml for the images from the master. When we do next release - 1.5 this file will move to (https://github.com/Azure/aad-pod-identity/blob/master/deploy/infra/deployment-rbac.yaml) so that stable images can be obtained by using the same deployment files and also have replicaset configuration.
kkmsft
force-pushed
the
leader_election
branch
2 times, most recently
from
a31f846
to
56c65b0
Compare
|
Ran 12 of 12 Specs in 2723.302 seconds |
Reason for Change:
Add leader election code to MIC to run it as ReplicaSet with multiple replicas which can come up and continue in case of a failure of the active MIC. Also added are deployment yamls which configures the ReplicaSet appropriately under deploy/master/replicaset.
Issue Fixed:
Notes for Reviewers:
TODO: