feat: add flag to control leader election frequency (#5172)

* feat: add flag to control leader election frequency Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * changelog Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
2025-03-28 10:28:36 +00:00 · 2022-11-09 12:37:00 +01:00 · 2022-11-09 12:37:00 +01:00 · ff5e0a361c
commit ff5e0a361c
parent cc8f643767
4 changed files with 11 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,7 @@
 ### Note

 - Flag `autogenInternals` was removed, policy mutation has been removed.
+- Flag `leaderElectionRetryPeriod` was added to control leader election renewal frequency (default value is `2s`).
 - Support upper case `Audit` and `Enforce` in `.spec.validationFailureAction` of the Kyverno policy, failure actions `audit` and `enforce` are deprecated and will be removed in `v1.11.0`.

 ## v1.8.1-rc3
--- a/cmd/initContainer/main.go
+++ b/cmd/initContainer/main.go
@ -174,6 +174,7 @@ func main() {
 		config.KyvernoNamespace(),
 		kubeClient,
 		config.KyvernoPodName(),
+		leaderelection.DefaultRetryPeriod,
 		run,
 		nil,
 	)
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@ -96,6 +96,7 @@ var (
 	backgroundScanWorkers      int
 	logFormat                  string
 	dumpPayload                bool
+	leaderElectionRetryPeriod  time.Duration
 	// DEPRECATED: remove in 1.9
 	splitPolicyReport bool
 )
@ -130,6 +131,7 @@ func parseFlags() error {
 	flag.BoolVar(&admissionReports, "admissionReports", true, "Enable or disable admission reports.")
 	flag.IntVar(&reportsChunkSize, "reportsChunkSize", 1000, "Max number of results in generated reports, reports will be split accordingly if there are more results to be stored.")
 	flag.IntVar(&backgroundScanWorkers, "backgroundScanWorkers", backgroundscancontroller.Workers, "Configure the number of background scan workers.")
+	flag.DurationVar(&leaderElectionRetryPeriod, "leaderElectionRetryPeriod", leaderelection.DefaultRetryPeriod, "Configure leader election retry period.")
 	// DEPRECATED: remove in 1.9
 	flag.BoolVar(&splitPolicyReport, "splitPolicyReport", false, "This is deprecated, please don't use it, will be removed in v1.9.")
 	if err := flag.Set("v", "2"); err != nil {
@ -658,6 +660,7 @@ func main() {
 		config.KyvernoNamespace(),
 		kubeClientLeaderElection,
 		config.KyvernoPodName(),
+		leaderElectionRetryPeriod,
 		func(ctx context.Context) {
 			logger := logger.WithName("leader")
 			// validate config
--- a/pkg/leaderelection/leaderelection.go
+++ b/pkg/leaderelection/leaderelection.go
@ -13,6 +13,8 @@ import (
 	"k8s.io/client-go/tools/leaderelection/resourcelock"
 )

+const DefaultRetryPeriod = 2 * time.Second
+
 type Interface interface {
 	// Run is a blocking call that runs a leader election
 	Run(ctx context.Context)
@ -46,7 +48,7 @@ type config struct {
 	log               logr.Logger
 }

-func New(log logr.Logger, name, namespace string, kubeClient kubernetes.Interface, id string, startWork func(context.Context), stopWork func()) (Interface, error) {
+func New(log logr.Logger, name, namespace string, kubeClient kubernetes.Interface, id string, retryPeriod time.Duration, startWork func(context.Context), stopWork func()) (Interface, error) {
 	lock, err := resourcelock.New(
 		resourcelock.LeasesResourceLock,
 		namespace,
@ -72,9 +74,9 @@ func New(log logr.Logger, name, namespace string, kubeClient kubernetes.Interfac
 	e.leaderElectionCfg = leaderelection.LeaderElectionConfig{
 		Lock:            e.lock,
 		ReleaseOnCancel: true,
-		LeaseDuration:   15 * time.Second,
-		RenewDeadline:   10 * time.Second,
-		RetryPeriod:     2 * time.Second,
+		LeaseDuration:   6 * retryPeriod,
+		RenewDeadline:   5 * retryPeriod,
+		RetryPeriod:     retryPeriod,
 		Callbacks: leaderelection.LeaderCallbacks{
 			OnStartedLeading: func(ctx context.Context) {
 				atomic.StoreInt64(&e.isLeader, 1)