You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: keps/sig-api-machinery/1965-kube-apiserver-identity/README.md
+9-8Lines changed: 9 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -127,16 +127,17 @@ post-start-hook and expired leases will be garbage collected by the `start-kube-
127
127
post-start-hook in kube-apiserver. The refresh rate, lease duration will be configurable through kube-apiserver
128
128
flags
129
129
130
-
The format of the lease ID will be `kube-apiserver-<UUID>`. The UUID is newly generated on every start-up. This ID format is preferred
131
-
for the following reasons:
132
-
* No two kube-apiservers on the same host can share the same lease identity.
133
-
* Revealing the hostname of kube-apiserver may not be desirable for some Kubernetes platforms.
134
-
* The kube-apiserver version may change between restarts, which can trigger a storage version migration (see KEP on StorageVersionAPI)
130
+
The format of the lease will be `kube-apiserver-<hash-using-hostname>`. A hash based on the hostname is used for two reasons:
131
+
1. To ensure that a `kube-apiserver` that is restarting will attempt to obtain its previous lease, avoiding system churn when a kube-apiserver Lease is garbage collected.
132
+
2. Avoiding the need to truncate the lease name when using longer hostnames that exceed the 64 character limit for object names, which can lead to naming conflicts.
135
133
136
-
In some cases it can be desirable to use a predictable ID format (e.g. kube-apiserver-<hostname>). We may consider providing
137
-
a flag in `kube-apiserver` to override the lease identity.
134
+
Each lease will have a `kubernetes.io/hostname` label with the actual hostname seen by kube-apiserver which cluster admins
135
+
can use to determine which kube-apiserver owns a Lease object. However, the holder identity of the
136
+
lease (`lease.spec.holderIdentity`) will be uniquely generated per start-up, which can be used as an indicator for
137
+
ownership churn of the lease. All kube-apiserver leases will also have a component label `k8s.io/component=kube-apiserver`.
138
138
139
-
All kube-apiserver leases will also have a component label `k8s.io/component=kube-apiserver`.
139
+
In the future, we may consider providing a flag in `kube-apiserver` to override the lease name, but we don't anticipate
0 commit comments