Welcome @DerekFrank!

It looks like this is your first PR to kubernetes/kubernetes 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/kubernetes has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

Hi @DerekFrank. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

/ok-to-test

/test pull-kubernetes-e2e-kind

/cc @Jefftree

/triage accepted

e2e failing due to a 502 response from google.com. I'm going to guess thats a flake?

https://prow.k8s.io/view/gs/kubernetes-ci-logs/pr-logs/pull/131632/pull-kubernetes-e2e-gce/1920264922424414208

/retest

Right now understanding which replica holds a lease is complicated as the holder identity is merely the name of the pod

@DerekFrank why is this complicated? The holder usually is a pod. What other information would you want to put in there?

Right now understanding which replica holds a lease is complicated as the holder identity is merely the name of the pod

@DerekFrank why is this complicated? The holder usually is a pod. What other information would you want to put in there?

Our main usecase is to understand which cloud provider zone a given holder is in for zonal outage fail over mechanisms. Currently to find out what zone the holder is in one would need to:

1. Parse the pod host name out of the holder identity (and hope nobody changes that format in the future)
2. Get the name of the node the pod is on from an apiserver call to get the pod object
3. Get the node labels from an api server call to get the node object
4. parse the node's labels to determine which zone it is in.

Given the nature of zonal outages, this makes any failover mechanism susceptible to all sorts of dependency failures.

Our main usecase is to understand which cloud provider zone a given holder is in for zonal outage fail over mechanisms.

Could you elaborate a bit as to why you need failure domain info to do failover? Another replica will automatically take over or not? Furthermore the failure domain really is a correlation, how would you be able to tell the failure was in any way caused by the replica being in a given failure domain?

Could you elaborate a bit as to why you need failure domain info to do failover? Another replica will automatically take over or not? Furthermore the failure domain really is a correlation, how would you be able to tell the failure was in any way caused by the replica being in a given failure domain?

Apologies, I should have been more clear. I am attempting to setup a mechanism that, when manually activated, will force failover to happen for all controllers within a specific zone. This is useful for maintaining availability when there are known partial zonal outages for underlying cloud provider services.

For an example, if a cloud provider is having a partial networking outages within a specific zone such that some calls from a controller to the control plane fail but some do not, the controllers in that zone will most likely be able to maintain leadership status. This is not ideal as they will be failing to perform optimally due to the dropped calls. We would be able to see that the controllers are impacted through routine monitoring, and could then leverage the fail over mechanism. The goal of the mechanism would be to force replicas in another zone to take leadership of the lease, mitigating impact until the partial networking outage can be resolved. Ideally the mechanism does this without relying on being able to communicate with the controllers in the affected zone as we know it will be impaired.

For an example of how the label could be used, if the lease holders added their zonal information to the lease renewal requests, the api server will be able to reject lease renewal requests that originate from the impaired zone. I'm not suggesting adding that functionality specifically

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: DerekFrank, jpbetz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

/lgtm

LGTM label has been added.