Azure · Fei-Guo · Sep 6, 2022 · Sep 6, 2022
diff --git a/cmd/memberagent/main.go b/cmd/memberagent/main.go
@@ -126,14 +126,15 @@ func main() {
 	}
 
 	memberConfig := ctrl.GetConfigOrDie()
-
+	// we place the leader election lease on the member cluster to avoid adding load to the hub
 	hubOpts := ctrl.Options{
 		Scheme:                  scheme,
 		MetricsBindAddress:      *hubMetricsAddr,
 		Port:                    8443,
 		HealthProbeBindAddress:  *hubProbeAddr,
 		LeaderElection:          *enableLeaderElection,
-		LeaderElectionNamespace: mcNamespace, // This requires we have access to resource "leases" in API group "coordination.k8s.io" under namespace $mcHubNamespace
+		LeaderElectionNamespace: *leaderElectionNamespace,
+		LeaderElectionConfig:    memberConfig,
 		LeaderElectionID:        "136224848560.hub.fleet.azure.com",
 		Namespace:               mcNamespace,
 	}

diff --git a/pkg/controllers/membercluster/membercluster_controller.go b/pkg/controllers/membercluster/membercluster_controller.go
@@ -204,7 +204,7 @@ func (r *Reconciler) syncRole(ctx context.Context, mc *fleetv1alpha1.MemberClust
 			Namespace:       namespaceName,
 			OwnerReferences: []metav1.OwnerReference{*toOwnerReference(mc)},
 		},
-		Rules: []rbacv1.PolicyRule{utils.FleetRule, utils.EventRule, utils.FleetNetworkRule, utils.LeaseRule, utils.WorkRule},
+		Rules: []rbacv1.PolicyRule{utils.FleetRule, utils.EventRule, utils.FleetNetworkRule, utils.WorkRule},
 	}
 
 	// Creates role if not found.

diff --git a/pkg/controllers/membercluster/membercluster_controller_test.go b/pkg/controllers/membercluster/membercluster_controller_test.go
@@ -150,7 +150,7 @@ func TestSyncRole(t *testing.T) {
 								Name:      "fleet-role-mc1",
 								Namespace: namespace1,
 							},
-							Rules: []rbacv1.PolicyRule{utils.FleetRule, utils.EventRule, utils.FleetNetworkRule, utils.LeaseRule, utils.WorkRule},
+							Rules: []rbacv1.PolicyRule{utils.FleetRule, utils.EventRule, utils.FleetNetworkRule, utils.WorkRule},
 						}
 						return nil
 					},

diff --git a/pkg/utils/common.go b/pkg/utils/common.go
@@ -45,19 +45,19 @@ const (
 )
 
 const (
-	// LabelFleetObj is a label key indicate the resource is created by the fleet
+	// LabelFleetObj is a label key indicate the resource is created by the fleet.
 	LabelFleetObj      = "kubernetes.azure.com/managed-by"
 	LabelFleetObjValue = "fleet"
 
 	// LabelWorkPlacementName is used to indicate which placement created the work.
 	// This label aims to enable different work objects to be managed by different placement.
 	LabelWorkPlacementName = "work.fleet.azure.com/placement-name"
 
-	// PlacementFinalizer is used to make sure that we handle gc of placement resources
+	// PlacementFinalizer is used to make sure that we handle gc of placement resources.
 	PlacementFinalizer = "work.fleet.azure.com/placement-protection"
 )
 const (
-	// NetworkingGroupName is the group name of the fleet networking
+	// NetworkingGroupName is the group name of the fleet networking.
 	NetworkingGroupName = "networking.fleet.azure.com"
 )
 
@@ -82,14 +82,9 @@ var (
 		APIGroups: []string{NetworkingGroupName},
 		Resources: []string{"*"},
 	}
-	// LeaseRule Leases permissions are required for leader election of hub controller manager in member cluster.
-	LeaseRule = rbacv1.PolicyRule{
-		Verbs:     []string{"create", "get", "list", "update"},
-		APIGroups: []string{"coordination.k8s.io"},
-		Resources: []string{"leases"},
-	}
 )
 
+// Those are the GVR/GVK of the fleet related resources.
 var (
 	ClusterResourcePlacementGVR = schema.GroupVersionResource{
 		Group:    fleetv1alpha1.GroupVersion.Group,