Add missing leader election configuration to the contoller manager

ACK controllers use k8s-sigs/controller-runtime behind the scenes, which
support leader election. This feature is not properly working due to a
missing configuration `LeaderElectionNamespace` which is used by the
manager to create `k8s.io/coordination` Lease objects.

This patch sets the default `LeaderElectionNamespace` to `ack-system`
and adds the capability of enabling leader election using helm values.

Author: a-hilaly

templates/cmd/controller/main.go.tpl

@@ -87,13 +87,14 @@ func main() {
 	}
 
 	mgr, err := ctrlrt.NewManager(ctrlrt.GetConfigOrDie(), ctrlrt.Options{
-		Scheme:			    scheme,
-		Port:			    port,
-		Host:			    host,
-		MetricsBindAddress: ackCfg.MetricsAddr,
-		LeaderElection:		ackCfg.EnableLeaderElection,
-		LeaderElectionID:   awsServiceAPIGroup,
-		Namespace:		    ackCfg.WatchNamespace,
+		Scheme:                  scheme,
+		Port:                    port,
+		Host:                    host,
+		MetricsBindAddress:      ackCfg.MetricsAddr,
+		LeaderElection:          ackCfg.EnableLeaderElection,
+		LeaderElectionID:        awsServiceAPIGroup,
+		Namespace:               ackCfg.WatchNamespace,
+		LeaderElectionNamespace: ackCfg.LeaderElectionNamespace,
 	})
 	if err != nil {
 		setupLog.Error(

templates/config/controller/deployment.yaml.tpl

@@ -36,6 +36,10 @@ spec:
         - "$(ACK_RESOURCE_TAGS)"
         - --watch-namespace
         - "$(ACK_WATCH_NAMESPACE)"
+        - --enable-leader-election
+        - "$(ENABLE_LEADER_ELECTION)"
+        - --leader-election-namespace
+        - "$(LEADER_ELECTION_NAMESPACE)"
         image: controller:latest
         name: controller
         ports:
@@ -65,6 +69,10 @@ spec:
           value: "info"
         - name: ACK_RESOURCE_TAGS
           value: "services.k8s.aws/controller-version=%CONTROLLER_SERVICE%-%CONTROLLER_VERSION%,services.k8s.aws/namespace=%K8S_NAMESPACE%"
+        - name: ENABLED_LEADER_ELECTION
+          value: "false"
+        - name: LEADER_ELECTION_NAMESPACE
+          value: ""
         securityContext:
           allowPrivilegeEscalation: false
           privileged: false

templates/helm/templates/deployment.yaml

@@ -58,6 +58,10 @@ spec:
         - "$(ACK_WATCH_NAMESPACE)"
         - --deletion-policy
         - "$(DELETION_POLICY)"
+        - --enable-leader-election
+        - "$(ENABLE_LEADER_ELECTION)"
+        - --leader-election-namespace
+        - "$(LEADER_ELECTION_NAMESPACE)"
 {{- if gt .Values.reconcile.defaultResyncPeriod 0.0 }}
         - --reconcile-default-resync-seconds
         - "$(RECONCILE_DEFAULT_RESYNC_SECONDS)"
@@ -87,6 +91,10 @@ spec:
           value: {{ include "watch-namespace" . }}
         - name: DELETION_POLICY
           value: {{ .Values.deletionPolicy }}
+        - name: ENABLED_LEADER_ELECTION
+          value: {{ .Values.leaderElection.enabled | quote }}
+        - name: LEADER_ELECTION_NAMESPACE
+          value: {{ .Values.leaderElection.namespace | quote }}
         - name: ACK_ENABLE_DEVELOPMENT_LOGGING
           value: {{ .Values.log.enable_development_logging | quote }}
         - name: ACK_LOG_LEVEL

templates/helm/values.schema.json

@@ -231,6 +231,15 @@
       },
       "type": "object"
     },
+    "leaderElection": {
+      "description": "Parameter to configure the controller's leader election system.",
+      "properties": {
+        "enabled": {
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
     "serviceAccount": {
       "description": "ServiceAccount settings",
       "properties": {

templates/helm/values.yaml.tpl

@@ -121,3 +121,11 @@ serviceAccount:
   name: {{ .ServiceAccountName }}
   annotations: {}
     # eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME
+
+# leader election configurations
+leaderElection:
+  # Enables controller leader election
+  enabled: false
+  # Sets the leader election namespace. By default it will try to use the namespace of
+  # the service account mounted to the controller pod.
+  namespace: ""