keps/sig-api-machinery/1965-kube-apiserver-identity/README.md
Lines changed: 10 additions & 11 deletions
@@ -127,16 +127,17 @@ post-start-hook and expired leases will be garbage collected by the `start-kube-
127
127
post-start-hook in kube-apiserver. The refresh rate, lease duration will be configurable through kube-apiserver
128
128
flags
129
129
130
-
The format of the lease ID will be `kube-apiserver-<UUID>`. The UUID is newly generated on every start-up. This ID format is preferred
131
-
for the following reasons:
132
-
* No two kube-apiservers on the same host can share the same lease identity.
133
-
* Revealing the hostname of kube-apiserver may not be desirable for some Kubernetes platforms.
134
-
* The kube-apiserver version may change between restarts, which can trigger a storage version migration (see KEP on StorageVersionAPI)
130
+
The format of the lease will be `kube-apiserver-<hash-using-hostname>`. A hash based on the hostname is used for two reasons:
131
+
1. To ensure that a `kube-apiserver` that is restarting will attempt to obtain its previous lease, avoiding system churn when a kube-apiserver Lease is garbage collected.
132
+
2. Avoiding the need to truncate the lease name when using longer hostnames that exceed the 64 character limit for object names, which can lead to naming conflicts.
135
133
136
-
In some cases it can be desirable to use a predictable ID format (e.g. kube-apiserver-<hostname>). We may consider providing
137
-
a flag in `kube-apiserver` to override the lease identity.
134
+
Each lease will have a `kubernetes.io/hostname` label with the actual hostname seen by kube-apiserver which cluster admins
135
+
can use to determine which kube-apiserver owns a Lease object. However, the holder identity of the
136
+
lease (`lease.spec.holderIdentity`) will be uniquely generated per start-up, which can be used as an indicator for
137
+
ownership churn of the lease. All kube-apiserver leases will also have a component label `k8s.io/component=kube-apiserver`.
138
138
139
-
All kube-apiserver leases will also have a component label `k8s.io/component=kube-apiserver`.
139
+
In the future, we may consider providing a flag in `kube-apiserver` to override the lease name, but we don't anticipate
140
+
needing this today.
140
141
141
142
142
143
### Test Plan
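Review bot: The added paragraph beginning "Each lease will have a `kubernetes.io/hostname` label" publishes the actual hostname on every Lease, while the removed rationale stated that "Revealing the hostname of kube-apiserver may not be desirable for some Kubernetes platforms"; the new text should say why that concern no longer applies or who is expected to be able to read these Lease objects. The removed bullet "No two kube-apiservers on the same host can share the same lease identity" is also dropped without a replacement: with a name derived only from the hostname, two instances on one host would compute the same lease name, so the text should state whether that setup is unsupported or how the conflict is handled. Finally, `kube-apiserver-<hash-using-hostname>` does not name the hash function, its encoding, or its output length; since reason 2 rests on staying under the 64 character limit, specify these so the resulting name length can be checked, and say what the label value holds for the longer hostnames that reason 2 mentions. Minor: the first added sentence reads "The format of the lease will be" where "lease name" is meant.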
@@ -178,9 +179,7 @@ Alpha should provide basic functionality covered with tests described above.
178
179
179
180
#### Beta -> GA Graduation
180
181
181
-
- SIG consensus on whether Lease names should be unique per process (i.e. uuid) or persist across restarts (i.e. hostname)
182
-
- SIG consensus on whether Lease names should include a hostname identifier (via label) if they do NOT persist across restarts.
183
-
- SIG consensus on where the storageversiongc controller should run (kube-apiserver vs kube-controller-manager).
182
+
==TODO==
184
183
185
184
**For non-optional features moving to GA, the graduation criteria must include
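Review bot: Replacing the Beta -> GA list with `==TODO==` drops the third removed item, "SIG consensus on where the storageversiongc controller should run (kube-apiserver vs kube-controller-manager)", which nothing in this change resolves. The first hunk settles the first two items (names persist across restarts, hostname exposed via label), so removing those is consistent, but the storageversiongc question should either stay as an open criterion or have its decision recorded here. If `==TODO==` is meant as a placeholder, consider keeping the unresolved bullet beneath it so the open question is not lost.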