apiserver: update lease label key to apiserver.kubernetes.io/identity

Signed-off-by: Andrew Sy Kim <andrewsy@google.com>
2025-07-21 19:01:49 +00:00 · 2022-12-19 13:27:29 -05:00 · 2022-12-19 13:27:29 -05:00 · 3da0f1809c
commit 3da0f1809c
parent 2ca95b4df9
4 changed files with 29 additions and 10 deletions
--- a/pkg/controller/storageversiongc/gc_controller_test.go
+++ b/pkg/controller/storageversiongc/gc_controller_test.go
@ -48,7 +48,7 @@ func newKubeApiserverLease(name, holderIdentity string) *coordinationv1.Lease {
 			Name:      name,
 			Namespace: metav1.NamespaceSystem,
 			Labels: map[string]string{
-				"k8s.io/component": "kube-apiserver",
+				"apiserver.kubernetes.io/identity": "kube-apiserver",
 			},
 		},
 		Spec: coordinationv1.LeaseSpec{
--- a/pkg/controlplane/controller/apiserverleasegc/gc_controller_test.go
+++ b/pkg/controlplane/controller/apiserverleasegc/gc_controller_test.go
@ -44,7 +44,7 @@ func Test_Controller(t *testing.T) {
 					Name:      "kube-apiserver-12345",
 					Namespace: metav1.NamespaceSystem,
 					Labels: map[string]string{
-						"k8s.io/component": "kube-apiserver",
+						"apiserver.kubernetes.io/identity": "kube-apiserver",
 					},
 				},
 				Spec: coordinationv1.LeaseSpec{
@ -62,7 +62,7 @@ func Test_Controller(t *testing.T) {
 					Name:      "kube-apiserver-12345",
 					Namespace: metav1.NamespaceSystem,
 					Labels: map[string]string{
-						"k8s.io/component": "kube-controller-manager",
+						"apiserver.kubernetes.io/identity": "kube-controller-manager",
 					},
 				},
 				Spec: coordinationv1.LeaseSpec{
@ -80,7 +80,7 @@ func Test_Controller(t *testing.T) {
 					Name:      "kube-apiserver-12345",
 					Namespace: metav1.NamespaceSystem,
 					Labels: map[string]string{
-						"k8s.io/component": "kube-apiserver",
+						"apiserver.kubernetes.io/identity": "kube-apiserver",
 					},
 				},
 				Spec: coordinationv1.LeaseSpec{
@ -98,7 +98,7 @@ func Test_Controller(t *testing.T) {
 					Name:      "kube-apiserver-12345",
 					Namespace: metav1.NamespaceSystem,
 					Labels: map[string]string{
-						"k8s.io/component": "kube-apiserver",
+						"apiserver.kubernetes.io/identity": "kube-apiserver",
 					},
 				},
 				Spec: coordinationv1.LeaseSpec{
@ -116,7 +116,7 @@ func Test_Controller(t *testing.T) {
 					Name:      "kube-apiserver-12345",
 					Namespace: metav1.NamespaceSystem,
 					Labels: map[string]string{
-						"k8s.io/component": "kube-apiserver",
+						"apiserver.kubernetes.io/identity": "kube-apiserver",
 					},
 				},
 				Spec: coordinationv1.LeaseSpec{
@ -132,7 +132,7 @@ func Test_Controller(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			clientset := fake.NewSimpleClientset(test.lease)
-			controller := NewAPIServerLeaseGC(clientset, 100*time.Millisecond, metav1.NamespaceSystem, "k8s.io/component=kube-apiserver")
+			controller := NewAPIServerLeaseGC(clientset, 100*time.Millisecond, metav1.NamespaceSystem, "apiserver.kubernetes.io/identity=kube-apiserver")
 			go controller.Run(nil)

 			time.Sleep(time.Second)
--- a/pkg/controlplane/instance.go
+++ b/pkg/controlplane/instance.go
@ -123,9 +123,11 @@ const (
 	// IdentityLeaseComponentLabelKey is used to apply a component label to identity lease objects, indicating:
 	//   1. the lease is an identity lease (different from leader election leases)
 	//   2. which component owns this lease
-	IdentityLeaseComponentLabelKey = "k8s.io/component"
+	IdentityLeaseComponentLabelKey = "apiserver.kubernetes.io/identity"
 	// KubeAPIServer defines variable used internally when referring to kube-apiserver component
 	KubeAPIServer = "kube-apiserver"
+	// DeprecatedKubeAPIServerIdentityLeaseLabelSelector selects kube-apiserver identity leases
+	DeprecatedKubeAPIServerIdentityLeaseLabelSelector = "k8s.io/component=kube-apiserver"
 	// KubeAPIServerIdentityLeaseLabelSelector selects kube-apiserver identity leases
 	KubeAPIServerIdentityLeaseLabelSelector = IdentityLeaseComponentLabelKey + "=" + KubeAPIServer
 	// repairLoopInterval defines the interval used to run the Services ClusterIP and NodePort repair loops
@ -509,6 +511,23 @@ func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget)
 			go controller.Run(hookContext.StopCh)
 			return nil
 		})
+		// Labels for apiserver idenitiy leases switched from k8s.io/component=kube-apiserver to apiserver.kubernetes.io/identity=kube-apiserver.
+		// For compatibility, garbage collect leases with both labels for at least 1 release
+		// TODO: remove in Kubernetes 1.28
+		m.GenericAPIServer.AddPostStartHookOrDie("start-deprecated-kube-apiserver-identity-lease-garbage-collector", func(hookContext genericapiserver.PostStartHookContext) error {
+			kubeClient, err := kubernetes.NewForConfig(hookContext.LoopbackClientConfig)
+			if err != nil {
+				return err
+			}
+			go apiserverleasegc.NewAPIServerLeaseGC(
+				kubeClient,
+				IdentityLeaseGCPeriod,
+				metav1.NamespaceSystem,
+				DeprecatedKubeAPIServerIdentityLeaseLabelSelector,
+			).Run(hookContext.StopCh)
+			return nil
+		})
+		// TODO: move this into generic apiserver and make the lease identity value configurable
 		m.GenericAPIServer.AddPostStartHookOrDie("start-kube-apiserver-identity-lease-garbage-collector", func(hookContext genericapiserver.PostStartHookContext) error {
 			kubeClient, err := kubernetes.NewForConfig(hookContext.LoopbackClientConfig)
 			if err != nil {
--- a/test/e2e/apimachinery/apiserver_identity.go
+++ b/test/e2e/apimachinery/apiserver_identity.go
@ -115,7 +115,7 @@ var _ = SIGDescribe("kube-apiserver identity [Feature:APIServerIdentity]", func(
 		}

 		leases, err := client.CoordinationV1().Leases(metav1.NamespaceSystem).List(context.TODO(), metav1.ListOptions{
-			LabelSelector: "k8s.io/component=kube-apiserver",
+			LabelSelector: "apiserver.kubernetes.io/identity=kube-apiserver",
 		})
 		framework.ExpectNoError(err)
 		framework.ExpectEqual(len(leases.Items), len(controlPlaneNodes), "unexpected number of leases")
@ -161,7 +161,7 @@ var _ = SIGDescribe("kube-apiserver identity [Feature:APIServerIdentity]", func(
 		// As long as the hostname of kube-apiserver is unchanged, a restart should not result in new Lease objects.
 		// Check that the number of lease objects remains the same after restarting kube-apiserver.
 		leases, err = client.CoordinationV1().Leases(metav1.NamespaceSystem).List(context.TODO(), metav1.ListOptions{
-			LabelSelector: "k8s.io/component=kube-apiserver",
+			LabelSelector: "apiserver.kubernetes.io/identity=kube-apiserver",
 		})
 		framework.ExpectNoError(err)
 		framework.ExpectEqual(len(leases.Items), len(controlPlaneNodes), "unexpected number of leases")