Ingress-controller-nginx leader election - Why?

2
votes

Can anyone explain why there is a requirement for leader election when having an ingress-controller (nginx) deployment with multiple replica's? Is there a sync going on between them? What is actually synced?

I searched the documentation and found ... nothing I know there is a configmap that holds the POD name of the leader but that's pretty much it.

I also see that a leader election is going on when starting the pod

I0828 16:08:39.500651       7 nginx.go:307] Starting NGINX process
I0828 16:08:39.500779       7 leaderelection.go:242] attempting to acquire leader lease ingresscontroller/ingress-controller-leader...
I0828 16:08:39.500890       7 nginx.go:327] Starting validation webhook on :8443 with keys /usr/local/certificates/cert /usr/local/certificates/key
I0828 16:08:39.503049       7 controller.go:141] Configuration changes detected, backend reload required.
I0828 16:08:39.504322       7 status.go:86] new leader elected: ingress-nginx-controller-xxxxxx-xxxx
I0828 16:08:39.728368       7 controller.go:157] Backend successfully reloaded.
I0828 16:08:39.728416       7 controller.go:166] Initial sync, sleeping for 1 second.

Can anyone provide some insights on why there is a requirement for a leader?

Thanks in advance!

Bregt

2
kuberneteskubernetes-ingressnginx-ingress
Have you found a answer to this? @Bregt Coenen - Jeryl Cook

2 Answers

3
votes

Leader election, in simple words, is the mechanism that guarantees that only one instance of the nginx ingress controller is actively making decisions, while all the other instances are inactive, but ready to take leadership if something happens to the active one.

This is very similar in nature to the control plane components of kubernetes such as kube controller manager or kube scheduler.

The sync is the syntonization of the desired state from the rules defined in ingress resource into the actual nginx configuration file

There is no state sync between the nginx ingress controller pod replicas itself because each of the pods are capable of performing the syntonization of desired state from the ingress resources to an actual nginx configuration file when the pod starts up first-time and by keeping a continuous watch on ingress and few other resource via APIs exposed by kubernetes API server.

1
votes

excerpt from the documents:

-enable-leader-election
Enables Leader election to avoid multiple replicas of the controller reporting the status of Ingress, VirtualServer and VirtualServerRoute resources – only one replica will report status. (default true)