Closed crazywill closed 2 years ago
/kind bug
@crazywill
Just curious, why vc-manager
has multiple replicas? it's a controller
, if there are more than one replicas, everyone will try to handle same object in its reconcile, that's not acceptable.
If you want to handle heavy load in the controller
, you should increase the number of concurrent thread for the reconcile
rather than make more replicas.
@vincent-pli Thank you for your reply. As a controller, vc-manager runs in leader election mode, so it works well while having multiple replicas. But as a webhook, every replicas use its own caBundle, only the latest one can handle request.
@crazywill I'm afraid you are right, I try to fix it but I do not want to change too much.
Seems controller-runtime
consider the case, see here: https://github.com/kubernetes-sigs/controller-runtime/issues/356
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/reopen
/remove-lifecycle rotten
Please send feedback to sig-contributor-experience at kubernetes/community.
/close
@k8s-triage-robot: Closing this issue.
In #145 and #161, we use self-signed certificate for ValidatingWebhookConfiguration. However, when vc-manager has multiple replicas, every vc-manager will generate a new ValidatingWebhookConfiguration and delete old ValidatingWebhookConfiguration. That's will case the webhook raise certificate error except for the latest vc-manager pod.
https://virtualcluster-webhook-service.kube-system.svc:9443/validate-tenancy-x-k8s-io-v1alpha1-virtualcluster?timeout=30s": x509: certificate signed by unknown authority