From bf42ccee4efe0bb28030ef23b4d6e31669d7ddc4 Mon Sep 17 00:00:00 2001
From: Max Gautier <mg@max.gautier.name>
Date: Mon, 12 Feb 2024 10:58:45 +0000
Subject: [PATCH] Fix ingress-nginx controller election (#10913)

Under the original code, leader election failed for ingress controllers
as a result of a mismatch between the election-id in the controller config
and the resourceName in the relevant rule of role 'ingress-nginx'.
The failure appeared in the controller logs.

To fix the issue, a command-line option was added to container
execution (--election-id=...).

Now, the election-id agrees with the resourceName provided in
the role-ingress-nginx.yml file. A comment in that file was
changed to reflect the new logic.

Co-authored-by: Vasilis Samoladas <vsam@softnet.tuc.gr>
Co-authored-by: Mohamed Omar Zaian <mohamedzaian@gmail.com>
---
 .../ds-ingress-nginx-controller.yml.j2         |  1 +
 .../templates/role-ingress-nginx.yml.j2        | 18 ++++++------------
 2 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
index 70e4ea0ea..7f419350b 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -48,6 +48,7 @@ spec:
           args:
             - /nginx-ingress-controller
             - --configmap=$(POD_NAMESPACE)/ingress-nginx
+            - --election-id=ingress-controller-leader-{{ ingress_nginx_class }}
             - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
             - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
             - --annotations-prefix=nginx.ingress.kubernetes.io
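Review bot: The lease name `ingress-controller-leader-{{ ingress_nginx_class }}` is now written out twice, here in the added `--election-id` argument and in `resourceNames` of role-ingress-nginx.yml.j2, with nothing tying the two copies together. Because the Role grants `get`/`update` on leases only for that exact name, a later edit to either copy would bring back the election failure this commit fixes. Consider defining the name once as a role variable (for example a hypothetical `ingress_nginx_election_id`) and referencing it from both templates, which keeps the RBAC grant scoped to a single lease. The args list starts and ends outside this hunk.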
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
index 6c4b1c13f..695b07fbd 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/role-ingress-nginx.yml.j2
@@ -28,23 +28,17 @@ rules:
     verbs: ["get", "list", "watch"]
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
-    # Defaults to "<election-id>-<ingress-class>"
-    # Here: "<ingress-controller-leader>-<nginx>"
-    # This has to be adapted if you change either parameter
-    # when launching the nginx-ingress-controller.
+    # Defaults to "<election-id>", defined in
+    # ds-ingress-nginx-controller.yml.js
+    # by a command-line argument.
+    #
+    # This is the correct behaviour for ingress-controller
+    # version 1.8.1
     resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class }}"]
     verbs: ["get", "update"]
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["create", "patch"]
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    # Defaults to "<election-id>-<ingress-class>"
-    # Here: "<ingress-controller-leader>-<nginx>"
-    # This has to be adapted if you change either parameter
-    # when launching the nginx-ingress-controller.
-    resourceNames: ["ingress-controller-leader-{{ ingress_nginx_class }}"]
-    verbs: ["get", "update"]
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
     verbs: ["create"]
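Review bot: The new comment above `resourceNames` points to `ds-ingress-nginx-controller.yml.js`, but the template changed in this commit is `ds-ingress-nginx-controller.yml.j2`. "Defaults to" is also misleading now that the value is set explicitly on the command line. I would reword it to `# Must equal the --election-id argument set in` / `# ds-ingress-nginx-controller.yml.j2; get/update is granted on this lease only.` The "version 1.8.1" remark will go stale on the next controller upgrade unless it says which behaviour depends on that version. The rules list begins outside the hunk.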
-- 
GitLab