leases: add more details on API Server Identity

[andrewsykim]

Signed-off-by: Andrew Sy Kim [email protected]

Follow-up to #37921 (comment)

[netlify]

👷 Deploy Preview for kubernetes-io-vnext-staging processing.

Name	Link
🔨 Latest commit	917dee9
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-io-vnext-staging/deploys/6387a1649dea6a0008ee4213

[andrewsykim]

/assign @mo @sftim

[k8s-ci-robot]

@andrewsykim: GitHub didn't allow me to assign the following users: mo.

Note that only kubernetes members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @mo @sftim

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[enj]

Can we document the use of the kubernetes.io/hostname label as well?

[andrewsykim]

done

[sftim]

See #38196 (comment)

[sftim]

@enj would you be willing to propose those changes in a follow-up PR? I especially want the essentials to land, even as I also want this new page to see improvements.

Oops. This is the follow up PR!

[sftim]

We should get a tech review on this one.

[enj]

We should get a tech review on this one.

@deads2k and @lavalamp are good candidates here

[enj]

One minor nit.

[enj]

Can you split this into two code blocks, one with shell syntax, the other with yaml syntax?

[andrewsykim]

done!

[leonardpahlke]

/cc @deads2k @lavalamp
PTAL, thanks!

[deads2k]

/lgtm

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 0d317e8f2d3291f5808b70ae78582ebba14fdca9

[sftim]

Some more feedback (see inline comments)

---

The label k8s.io/component is not registered. Please document it in https://kubernetes.io/docs/reference/labels-annotations-taints/

(if feasible: switch to using control-plane.kubernetes.io/component, before the v1.26 release, so that end users don't confuse it with the app.kubernetes.io/component label).

We can also release with this and then deprecate k8s.io/component in v1.27 but that's a bit of a shame to have to do.

---

Optionally, document what happens when an API server runs as a Pod (eg for nesting a control plane).

That might be best saved for a post-release blog for the release when this feature graduates to stable.

[sftim]

Please split this - see don't include the command prompt and separate commands from output.

[sftim]

Which is true:

Suggested change

	The SHA256 hash used in the lease name is based on the OS hostname as seen by kube-apiserver. Each kube-apiserver should be
	The SHA256 hash used in the Lease name is based on the OS hostname as seen by kube-apiserver.
	The API server coerces its hostname string to lowercase before hashing it. Each kube-apiserver
	should be

or

Suggested change

	The SHA256 hash used in the lease name is based on the OS hostname as seen by kube-apiserver. Each kube-apiserver should be
	The SHA256 hash used in the Lease name is based on the OS hostname as seen by kube-apiserver.
	Each kube-apiserver should be

?

[sftim]

https://kubernetes.io/docs/reference/labels-annotations-taints/ lists that this label is used on Nodes (only)

Either:

• fix the Kubernetes code not to label Leases with this official label
  • allowed, but a bit weird to make up a new one that is so similar
• update https://kubernetes.io/docs/reference/labels-annotations-taints/ to record that it is also used for leases that are associated with nodes

[sftim]

(nit)

Suggested change

	will take over existing Leases using a new holder identity, as opposed to instantiating new lease objects. You can check the
	will take over existing Leases using a new holder identity, as opposed to instantiating new Leases.
	You can check the

[sftim]

(nit) Ideally, pick a date that is close to the v1.26 release.

[sftim]

Suggested change

	discover how many instances of `kube-apiserver` are operating the Kubernetes control plane.
	Existence of kube-apiserver leases enables future capabilities that may require coordination between
	each kube-apiserver.
	The API server creates these leases in the `kube-system` namespace.
	The existence of kube-apiserver Leases also enables adding future capabilities to Kubernetes,
	that may require coordination between each kube-apiserver (for example, during cluster
	upgrades).

[sftim]

(nit)

Suggested change

	You can inspect Leases owned by each kube-apiserver by checking for lease objects in the `kube-system` namespace
	You can inspect Leases owned by each kube-apiserver by checking for Leases in the `kube-system` namespace

[sftim]

(nit) Ideally, pick a date that is close to the v1.26 release.

[sftim]

Is this right:

Suggested change

	Expired leases from kube-apiservers that no longer exist are garbage collected by new kube-apiservers after 1 hour.
	### API server Lease garbage collection
	Expired Leases from kube-apiservers that no longer exist are garbage collected by live kube-apiservers.
	The control plane leaves the expired Leases for at least one hour before removing them.

?

We should update https://kubernetes.io/docs/concepts/architecture/garbage-collection/ to link to that heading, which is why I added it.

[sftim]

Good enough for alpha, I reckon.

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sftim

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• content/en/OWNERS [sftim]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[enj]

Good enough for alpha, I reckon.

Except the feature is beta 😂

[sftim]

More polish is welcome.