Comments (22)
👍 will get a PR ready later for this
from bonny.
🤦 `:sha` does, `:sha1` doesn't .... trying to get an integration test going with the `:sha`
from bonny.
@mruoss I know what we are discussing is more related to the https://kubernetes.io/docs/concepts/architecture/leases/#custom-workload section, which doesn't ask for sha256. But I think if it's possible to use sha256 it would be better. Otherwise I'm not really opposed to any other algorithm, I just gave my 2 cents in the discussion :D
from bonny.
well... it is not supposed to be secure... it is just used to create a safe name for a lease.
Potentially we could use a different hash algorithm. But we need to make sure the lease name is the same on all replicas (i.e. don't use salt or similar).
from bonny.
That would be great. No, just use a new algorithm.
from bonny.
Sha-1 should do the trick, right?
from bonny.
I am worried about the length...
from bonny.
Maybe just grab the first 16 to keep the same length since this is only for leader election?
:crypto.hash(:sha256, "asdf") |> binary_part(0, 16) |> Base.encode16() |> String.downcase() |> IO.inspect()  # :crypto.hash/2 returns raw bytes; binary_part/3 takes exactly the first 16
:crypto.hash(:sha256, "qwer") |> binary_part(0, 16) |> Base.encode16() |> String.downcase() |> IO.inspect()
:crypto.hash(:sha256, "asdf") |> binary_part(0, 16) |> Base.encode16() |> String.downcase() |> String.length()
from bonny.
`:sha` doesn't work?
from bonny.
debugging the integration test now:
15:40:05.174 [debug] {Operator=REDACTED.Operator} - Starting leadership evaluation
Erlang/OTP 26 [erts-14.2.2] [source] [64-bit] [smp:16:2] [ds:16:2:10] [async-threads:1] [jit:ns]
Interactive Elixir (1.16.1) - press Ctrl+C to exit (type h() ENTER for help)
15:40:05.189 [debug] K8s.Client.Mint.ConnectionRegistry other message received: {:ssl, {:sslsocket, {:gen_tcp, #Port<0.8>, :tls_connection, :undefined}, [#PID<0.2094.0>, #PID<0.2093.0>]}, <<0, 0, 30, 4, 0, 0, 0, 0, 0, 0, 5, 0, 4, 0, 0, 0, 3, 0, 0, 0, 100, 0, 6, 0, 16, 1, 64, 0, 1, 0, 0, 16, 0, 0, 4, 0, 4, 0, 0>>}
15:40:05.239 [debug] {Operator=REDACTED.Operator} - I'm holding the lock. Trying to renew it
15:40:05.288 [debug] {Operator=REDACTED.Operator} - Lock successfully acquired/renewed.
15:40:05.288 [debug] {Operator=REDACTED.Operator} - I am the new leader. Starting the operator.
15:40:05.334 [debug] {Operator=REDACTED.Operator} - Starting leadership evaluation
15:40:05.423 [debug] {Operator=REDACTED.Operator} - I'm holding the lock. Trying to renew it
15:40:05.475 [debug] {Operator=REDACTED.Operator} - Lock successfully acquired/renewed.
15:40:05.475 [debug] {Operator=REDACTED.Operator} - I am the new leader. Starting the operator.
15:40:05.518 [debug] {Operator=REDACTED.Operator} - Starting leadership evaluation
15:40:05.611 [debug] {Operator=REDACTED.Operator} - I'm holding the lock. Trying to renew it
15:40:05.666 [debug] {Operator=REDACTED.Operator} - Lock successfully acquired/renewed.
15:40:05.666 [debug] {Operator=REDACTED.Operator} - I am the new leader. Starting the operator.
15:40:05.710 [debug] {Operator=REDACTED.Operator} - Starting leadership evaluation
15:40:05.800 [debug] {Operator=REDACTED.Operator} - I'm holding the lock. Trying to renew it
15:40:05.852 [debug] {Operator=REDACTED.Operator} - Lock successfully acquired/renewed.
15:40:05.852 [debug] {Operator=REDACTED.Operator} - I am the new leader. Starting the operator.
15:40:05.899 [notice] Application REDACTED exited: shutdown
15:40:05.905 [debug] K8s.Client.Mint.ConnectionRegistry DOWN of process #PID<0.2095.0> received.
iex(REDACTED@REDACTED-56d96b7c59-z7xr4)1> Kernel pid terminated (application_controller) ("{application_terminated,REDACTED,shutdown}")
Crash dump is being written to: erl_crash.dump...done
from bonny.
kubectl get lease -A | grep -i bon
default default-bonny-7c0953f1db9bc080301cdace36d39749 bonny 339d
default default-bonny-816c1063dfe66e38f5dd7915d09df8ee30315d3ef91fc69320f2feac733a4267 bonny 38m
I deleted the leases by hand just in case, but I changed it to limit to the first 16
from bonny.
Hi everybone and @spunkedy, is it possible to use sha256 to be more standard?
Take note that k8s officially uses this algorithm, according to the docs:
https://kubernetes.io/docs/concepts/architecture/leases/
from bonny.
> Hi everybone and @spunkedy, is it possible to use sha256 to be more standard?
> Take note that k8s officially uses this algorithm, according to the docs:

I agree that using sha256 would be desirable
from bonny.
Guys, can you elaborate a bit more on your suggestions? What makes sha256 more desirable? Remember: this is not a hash used for security...
from bonny.
> Guys, can you elaborate a bit more on your suggestions? What makes sha256 more desirable? Remember: this is not a hash used for security...

This is just to make a unique lease, I have 0 preference which algorithm we do since it doesn't have to do with security at all.
from bonny.
"The SHA256 hash used in the lease name is based on the OS hostname as seen by that API server. Each kube-apiserver should be configured to use a hostname that is unique within the cluster. New instances of kube-apiserver that use the same hostname will take over existing Leases using a new holder identity, as opposed to instantiating new Lease objects. You can check the hostname used by kube-apiserver by checking the value of the kubernetes.io/hostname label:"
Although it does not explain why the documentation indicates the use of sha256 under some rules. I think it would be desirable to follow the example of the official documentation if possible, even if no other reason or impediment acts. Just for consistency with the documentation.
from bonny.
I don't mind refactoring this to work off of the hostname for the lease. I don't see it being a problem for statefulsets vs deployments.
Would we prefer that?
from bonny.
Using the hostname for our lease would defeat the purpose. While in the linked example the lease is used to communicate the API Server's identity, we use the lease for leader election. We explicitly want one single leader over all hosts :)
from bonny.
> Using the hostname for our lease would defeat the purpose. While in the linked example the lease is used to communicate the API Server's identity, we use the lease for leader election. We explicitly want one single leader over all hosts :)

Agreed.
I think we might be overcomplicating this all. Just updated #276
from bonny.
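The naming scheme discussed in this thread, as an added example that is not part of the original comments and is not Bonny's own code: a deterministic, unsalted digest truncated by bytes, checked against the Kubernetes DNS subdomain name rules (at most 253 characters). The module name, the function names and the `"Elixir.MyOperator"` input are hypothetical; the `<namespace>-bonny-<digest>` shape is assumed from the `kubectl get lease` output above.

```elixir
defmodule LeaseNameExample do
  # Hypothetical helper for illustration only, not Bonny's implementation.
  @max_name_length 253

  # No salt, hostname or timestamp goes into the digest: every replica must
  # derive the same lease name, otherwise each one elects itself leader.
  def lease_name(namespace, operator_id, algo \\ :sha256, bytes \\ 16) do
    digest =
      algo
      |> :crypto.hash(operator_id)
      # The hash is a raw binary, so truncate by bytes, not by graphemes.
      |> binary_part(0, bytes)
      |> Base.encode16(case: :lower)

    name = "#{namespace}-bonny-#{digest}"

    # Kubernetes object names: lowercase alphanumerics, "-" or ".",
    # starting and ending with an alphanumeric character.
    valid? =
      byte_size(name) <= @max_name_length and
        Regex.match?(~r/^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$/, name)

    if valid?, do: {:ok, name}, else: {:error, {:invalid_lease_name, name}}
  end

  # Shows why String.slice/2 is the wrong tool for a raw digest: it counts
  # graphemes, so a byte pair that happens to be valid UTF-8 counts once.
  def slice_vs_bytes do
    # Constructed 32-byte value standing in for a digest (not a real hash).
    raw = <<0xC3, 0xA9>> <> :binary.copy(<<0>>, 30)
    {byte_size(String.slice(raw, 0..15)), byte_size(binary_part(raw, 0, 16))}
  end
end

# Two calls with the same input stand in for two replicas.
{:ok, replica_a} = LeaseNameExample.lease_name("default", "Elixir.MyOperator")
{:ok, replica_b} = LeaseNameExample.lease_name("default", "Elixir.MyOperator")
true = replica_a == replica_b

IO.inspect(replica_a, label: "lease name")
IO.inspect(LeaseNameExample.slice_vs_bytes(), label: "String.slice bytes vs binary_part bytes")
```

Truncating to 16 bytes keeps the 32-character hex suffix of the older lease name shown in the `kubectl` output, whichever hash algorithm is chosen.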