From cf4dca8e43ad87e95d3a2fd4d708f3eb8c35de97 Mon Sep 17 00:00:00 2001
From: Jintao Zhang <zhangjintao9020@gmail.com>
Date: Sat, 9 Jul 2022 20:37:46 +0800
Subject: [PATCH] feat: migrate leaderelection lock to leases (#8733)

* feat: migrate leaderelection lock to leases

Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>

* Update RBAC

Co-authored-by: Shafeeque E S <shafeeque.e.s@sap.com>
---
 .../ingress-nginx/templates/clusterrole.yaml  |  7 ++++++
 .../templates/controller-role.yaml            | 15 ++++++++++++
 internal/ingress/controller/status.go         | 24 ++++++++++++++-----
 3 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/charts/ingress-nginx/templates/clusterrole.yaml b/charts/ingress-nginx/templates/clusterrole.yaml
index c093f048a..0e725ec06 100644
--- a/charts/ingress-nginx/templates/clusterrole.yaml
+++ b/charts/ingress-nginx/templates/clusterrole.yaml
@@ -29,6 +29,13 @@ rules:
     verbs:
       - list
       - watch
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - list
+      - watch
 {{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
   - apiGroups:
       - ""
diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml
index 47bbc32d0..8e5f8a0d7 100644
--- a/charts/ingress-nginx/templates/controller-role.yaml
+++ b/charts/ingress-nginx/templates/controller-role.yaml
@@ -73,6 +73,21 @@ rules:
       - configmaps
     verbs:
       - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      - {{ .Values.controller.electionID }}
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
   - apiGroups:
       - ""
     resources:
diff --git a/internal/ingress/controller/status.go b/internal/ingress/controller/status.go
index 7b90594a9..a56a6b831 100644
--- a/internal/ingress/controller/status.go
+++ b/internal/ingress/controller/status.go
@@ -93,12 +93,24 @@ func setupLeaderElection(config *leaderElectionConfig) {
 		Host:      hostname,
 	})
 
-	lock := resourcelock.ConfigMapLock{
-		ConfigMapMeta: metav1.ObjectMeta{Namespace: k8s.IngressPodDetails.Namespace, Name: config.ElectionID},
-		Client:        config.Client.CoreV1(),
-		LockConfig: resourcelock.ResourceLockConfig{
-			Identity:      k8s.IngressPodDetails.Name,
-			EventRecorder: recorder,
+	objectMeta := metav1.ObjectMeta{Namespace: k8s.IngressPodDetails.Namespace, Name: config.ElectionID}
+	resourceLockConfig := resourcelock.ResourceLockConfig{
+		Identity:      k8s.IngressPodDetails.Name,
+		EventRecorder: recorder,
+	}
+
+	// TODO: If we upgrade client-go to v0.24 then we can only use LeaseLock.
+	// MultiLock is used for lock's migration
+	lock := resourcelock.MultiLock{
+		Primary: &resourcelock.ConfigMapLock{
+			ConfigMapMeta: objectMeta,
+			Client:        config.Client.CoreV1(),
+			LockConfig:    resourceLockConfig,
+		},
+		Secondary: &resourcelock.LeaseLock{
+			LeaseMeta:  objectMeta,
+			Client:     config.Client.CoordinationV1(),
+			LockConfig: resourceLockConfig,
 		},
 	}