diff --git a/cmd/memberagent/main.go b/cmd/memberagent/main.go
index 0fbcb9248..6ffaecedf 100644
--- a/cmd/memberagent/main.go
+++ b/cmd/memberagent/main.go
@@ -126,14 +126,15 @@ func main() {
 }
 memberConfig := ctrl.GetConfigOrDie()
-
+ // we place the leader election lease on the member cluster to avoid adding load to the hub
 hubOpts := ctrl.Options{
 Scheme: scheme,
 MetricsBindAddress: *hubMetricsAddr,
 Port: 8443,
 HealthProbeBindAddress: *hubProbeAddr,
 LeaderElection: *enableLeaderElection,
- LeaderElectionNamespace: mcNamespace, // This requires we have access to resource "leases" in API group "coordination.k8s.io" under namespace $mcHubNamespace
+ LeaderElectionNamespace: *leaderElectionNamespace,
+ LeaderElectionConfig: memberConfig,
 LeaderElectionID: "136224848560.hub.fleet.azure.com",
 Namespace: mcNamespace,
 }
diff --git a/pkg/controllers/membercluster/membercluster_controller.go b/pkg/controllers/membercluster/membercluster_controller.go
index 3bed3adc5..0af08d9b7 100644
--- a/pkg/controllers/membercluster/membercluster_controller.go
+++ b/pkg/controllers/membercluster/membercluster_controller.go
@@ -204,7 +204,7 @@ func (r *Reconciler) syncRole(ctx context.Context, mc *fleetv1alpha1.MemberClust
 Namespace: namespaceName,
 OwnerReferences: []metav1.OwnerReference{*toOwnerReference(mc)},
 },
- Rules: []rbacv1.PolicyRule{utils.FleetRule, utils.EventRule, utils.FleetNetworkRule, utils.LeaseRule, utils.WorkRule},
+ Rules: []rbacv1.PolicyRule{utils.FleetRule, utils.EventRule, utils.FleetNetworkRule, utils.WorkRule},
 }
 // Creates role if not found.
diff --git a/pkg/controllers/membercluster/membercluster_controller_test.go b/pkg/controllers/membercluster/membercluster_controller_test.go
index 985f707c7..9b4575acc 100644
--- a/pkg/controllers/membercluster/membercluster_controller_test.go
+++ b/pkg/controllers/membercluster/membercluster_controller_test.go
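Review bot: The rewritten `LeaderElectionNamespace` line loses the trailing comment that recorded the lease RBAC requirement, while `LeaderElectionConfig: memberConfig` moves that requirement onto the member cluster. The identity behind `memberConfig` now needs access to `leases` in `coordination.k8s.io` in the flag's namespace, and nothing in this diff grants it, so it presumably comes from the agent's deployment manifests and is worth confirming. I would keep the requirement next to the field: `// Requires access to "leases" in API group "coordination.k8s.io" in this namespace on the member cluster.` `leaderElectionNamespace` is declared outside the hunk; if it can be empty, controller-runtime falls back to the in-cluster namespace, which should be a deliberate default rather than an accident. main's body continues outside the hunk.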
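Review bot: Dropping `utils.LeaseRule` from `Rules` tightens the hub-side role, but the visible lines leave two rollout questions open. syncRole continues past the hunk after `// Creates role if not found.`; if the existing-role path does not also reconcile `Rules`, roles created before this commit keep the lease permission on the hub. If it does reconcile them, member agents still running the previous build, which placed their lease in the hub namespace, lose lease access as soon as the hub controller is upgraded, so the upgrade order should be documented. A comment on the field would record the intent, e.g. `// No lease rule: member agents hold their leader-election lease on the member cluster.`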
@@ -150,7 +150,7 @@ func TestSyncRole(t *testing.T) {
 Name: "fleet-role-mc1",
 Namespace: namespace1,
 },
- Rules: []rbacv1.PolicyRule{utils.FleetRule, utils.EventRule, utils.FleetNetworkRule, utils.LeaseRule, utils.WorkRule},
+ Rules: []rbacv1.PolicyRule{utils.FleetRule, utils.EventRule, utils.FleetNetworkRule, utils.WorkRule},
 }
 return nil
 },
diff --git a/pkg/utils/common.go b/pkg/utils/common.go
index 043242661..9c06d8366 100644
--- a/pkg/utils/common.go
+++ b/pkg/utils/common.go
@@ -45,7 +45,7 @@ const (
 )
 const (
- // LabelFleetObj is a label key indicate the resource is created by the fleet
+ // LabelFleetObj is a label key indicate the resource is created by the fleet.
 LabelFleetObj = "kubernetes.azure.com/managed-by"
 LabelFleetObjValue = "fleet"
@@ -53,11 +53,11 @@ const (
 // This label aims to enable different work objects to be managed by different placement.
 LabelWorkPlacementName = "work.fleet.azure.com/placement-name"
- // PlacementFinalizer is used to make sure that we handle gc of placement resources
+ // PlacementFinalizer is used to make sure that we handle gc of placement resources.
 PlacementFinalizer = "work.fleet.azure.com/placement-protection"
 )
 const (
- // NetworkingGroupName is the group name of the fleet networking
+ // NetworkingGroupName is the group name of the fleet networking.
 NetworkingGroupName = "networking.fleet.azure.com"
 )
@@ -82,14 +82,9 @@ var (
 APIGroups: []string{NetworkingGroupName},
 Resources: []string{"*"},
 }
- // LeaseRule Leases permissions are required for leader election of hub controller manager in member cluster.
- LeaseRule = rbacv1.PolicyRule{
- Verbs: []string{"create", "get", "list", "update"},
- APIGroups: []string{"coordination.k8s.io"},
- Resources: []string{"leases"},
- }
 )
+// Those are the GVR/GVK of the fleet related resources.
 var (
 ClusterResourcePlacementGVR = schema.GroupVersionResource{
 Group: fleetv1alpha1.GroupVersion.Group,