kube-apiserver: remove flags --identity-lease-duration-seconds and --identity-lease-renew-interval-seconds

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
2025-07-21 19:01:49 +00:00 · 2022-11-04 10:40:18 -04:00 · 2022-11-04 10:40:18 -04:00 · 02020b20e7
commit 02020b20e7
parent 368f9f949a
5 changed files with 13 additions and 38 deletions
--- a/cmd/kube-apiserver/app/options/options.go
+++ b/cmd/kube-apiserver/app/options/options.go
@ -82,9 +82,6 @@ type ServerRunOptions struct {
 	MasterCount            int
 	EndpointReconcilerType string

-	IdentityLeaseDurationSeconds      int
-	IdentityLeaseRenewIntervalSeconds int
-
 	ServiceAccountSigningKeyFile     string
 	ServiceAccountIssuer             serviceaccount.TokenGenerator
 	ServiceAccountTokenMaxExpiration time.Duration
@ -110,12 +107,10 @@ func NewServerRunOptions() *ServerRunOptions {
 		Logs:                    logs.NewOptions(),
 		Traces:                  genericoptions.NewTracingOptions(),

-		EnableLogsHandler:                 true,
-		EventTTL:                          1 * time.Hour,
-		MasterCount:                       1,
-		EndpointReconcilerType:            string(reconcilers.LeaseEndpointReconcilerType),
-		IdentityLeaseDurationSeconds:      3600,
-		IdentityLeaseRenewIntervalSeconds: 10,
+		EnableLogsHandler:      true,
+		EventTTL:               1 * time.Hour,
+		MasterCount:            1,
+		EndpointReconcilerType: string(reconcilers.LeaseEndpointReconcilerType),
 		KubeletConfig: kubeletclient.KubeletClientConfig{
 			Port:         ports.KubeletPort,
 			ReadOnlyPort: ports.KubeletReadOnlyPort,
@ -185,12 +180,6 @@ func (s *ServerRunOptions) Flags() (fss cliflag.NamedFlagSets) {
 	fs.StringVar(&s.EndpointReconcilerType, "endpoint-reconciler-type", s.EndpointReconcilerType,
 		"Use an endpoint reconciler ("+strings.Join(reconcilers.AllTypes.Names(), ", ")+") master-count is deprecated, and will be removed in a future version.")

-	fs.IntVar(&s.IdentityLeaseDurationSeconds, "identity-lease-duration-seconds", s.IdentityLeaseDurationSeconds,
-		"The duration of kube-apiserver lease in seconds, must be a positive number. (In use when the APIServerIdentity feature gate is enabled.)")
-
-	fs.IntVar(&s.IdentityLeaseRenewIntervalSeconds, "identity-lease-renew-interval-seconds", s.IdentityLeaseRenewIntervalSeconds,
-		"The interval of kube-apiserver renewing its lease in seconds, must be a positive number. (In use when the APIServerIdentity feature gate is enabled.)")
-
 	// See #14282 for details on how to test/try this option out.
 	// TODO: remove this comment once this option is tested in CI.
 	fs.IntVar(&s.KubernetesServiceNodePort, "kubernetes-service-node-port", s.KubernetesServiceNodePort, ""+
--- a/cmd/kube-apiserver/app/options/options_test.go
+++ b/cmd/kube-apiserver/app/options/options_test.go
@ -318,8 +318,6 @@ func TestAddFlags(t *testing.T) {
 		Traces: &apiserveroptions.TracingOptions{
 			ConfigFile: "/var/run/kubernetes/tracing_config.yaml",
 		},
-		IdentityLeaseDurationSeconds:        3600,
-		IdentityLeaseRenewIntervalSeconds:   10,
 		AggregatorRejectForwardingRedirects: true,
 	}

--- a/cmd/kube-apiserver/app/options/validation.go
+++ b/cmd/kube-apiserver/app/options/validation.go
@ -142,17 +142,6 @@ func validateAPIPriorityAndFairness(options *ServerRunOptions) []error {
 	return nil
 }

-func validateAPIServerIdentity(options *ServerRunOptions) []error {
-	var errs []error
-	if options.IdentityLeaseDurationSeconds <= 0 {
-		errs = append(errs, fmt.Errorf("--identity-lease-duration-seconds should be a positive number, but value '%d' provided", options.IdentityLeaseDurationSeconds))
-	}
-	if options.IdentityLeaseRenewIntervalSeconds <= 0 {
-		errs = append(errs, fmt.Errorf("--identity-lease-renew-interval-seconds should be a positive number, but value '%d' provided", options.IdentityLeaseRenewIntervalSeconds))
-	}
-	return errs
-}
-
 // Validate checks ServerRunOptions and return a slice of found errs.
 func (s *ServerRunOptions) Validate() []error {
 	var errs []error
@ -171,7 +160,6 @@ func (s *ServerRunOptions) Validate() []error {
 	errs = append(errs, s.APIEnablement.Validate(legacyscheme.Scheme, apiextensionsapiserver.Scheme, aggregatorscheme.Scheme)...)
 	errs = append(errs, validateTokenRequest(s)...)
 	errs = append(errs, s.Metrics.Validate()...)
-	errs = append(errs, validateAPIServerIdentity(s)...)

 	return errs
 }
--- a/cmd/kube-apiserver/app/server.go
+++ b/cmd/kube-apiserver/app/server.go
@ -283,9 +283,6 @@ func CreateKubeAPIServerConfig(s completedServerRunOptions) (
 			ExtendExpiration:            s.Authentication.ServiceAccounts.ExtendExpiration,

 			VersionedInformers: versionedInformers,
-
-			IdentityLeaseDurationSeconds:      s.IdentityLeaseDurationSeconds,
-			IdentityLeaseRenewIntervalSeconds: s.IdentityLeaseRenewIntervalSeconds,
 		},
 	}

--- a/pkg/controlplane/instance.go
+++ b/pkg/controlplane/instance.go
@ -121,6 +121,12 @@ const (
 	//   1. the lease is an identity lease (different from leader election leases)
 	//   2. which component owns this lease
 	IdentityLeaseComponentLabelKey = "k8s.io/component"
+	// identityLeaseDurationSeconds is the duration of kube-apiserver lease in seconds
+	identityLeaseDurationSeconds = 3600
+	// identityLeaseRenewIntervalSeconds is the interval of kube-apiserver renewing its lease in seconds
+	identityLeaseRenewIntervalSeconds = 10
+	// identityLeaseGCPeriod is the interval which the lease GC controller checks for expired leases
+	identityLeaseGCPeriod = 3600 * time.Second
 	// KubeAPIServer defines variable used internally when referring to kube-apiserver component
 	KubeAPIServer = "kube-apiserver"
 	// KubeAPIServerIdentityLeaseLabelSelector selects kube-apiserver identity leases
@ -193,9 +199,6 @@ type ExtraConfig struct {

 	VersionedInformers informers.SharedInformerFactory

-	IdentityLeaseDurationSeconds      int
-	IdentityLeaseRenewIntervalSeconds int
-
 	// RepairServicesInterval interval used by the repair loops for
 	// the Services NodePort and ClusterIP resources
 	RepairServicesInterval time.Duration
@ -480,9 +483,9 @@ func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget)
 				clock.RealClock{},
 				kubeClient,
 				holderIdentity,
-				int32(c.ExtraConfig.IdentityLeaseDurationSeconds),
+				identityLeaseDurationSeconds,
 				nil,
-				time.Duration(c.ExtraConfig.IdentityLeaseRenewIntervalSeconds)*time.Second,
+				identityLeaseRenewIntervalSeconds*time.Second,
 				leaseName,
 				metav1.NamespaceSystem,
 				labelAPIServerHeartbeat)
@ -496,7 +499,7 @@ func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget)
 			}
 			go apiserverleasegc.NewAPIServerLeaseGC(
 				kubeClient,
-				time.Duration(c.ExtraConfig.IdentityLeaseDurationSeconds)*time.Second,
+				identityLeaseGCPeriod,
 				metav1.NamespaceSystem,
 				KubeAPIServerIdentityLeaseLabelSelector,
 			).Run(hookContext.StopCh)