Documentation
¶
Overview ¶
Package lease implements the primary-lease runnable for the instance manager. The lease is a Kubernetes coordination.k8s.io/v1 Lease object named after the cluster. Whoever holds the lease is allowed to run as PostgreSQL primary.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
// LeaseDuration is how long a lease is valid before it expires.
LeaseDuration time.Duration
// RenewDeadline is how long the holder tries to renew before giving up.
RenewDeadline time.Duration
// RetryPeriod is how frequently a non-holder retries acquiring the lease.
RetryPeriod time.Duration
// ReleasedLeaseDuration is the TTL written when explicitly releasing the lease.
ReleasedLeaseDuration time.Duration
}
Config holds the tunable timings of the primary lease. They mirror the underlying Kubernetes leader-election parameters and are sourced from the Cluster's `.spec.primaryLease` stanza (falling back to the defaults above when unset).
type Runnable ¶
type Runnable struct {
// contains filtered or unexported fields
}
Runnable manages the primary lease for this instance. It starts idle and enters the acquisition/renewal loop only after Acquire is called.
func New ¶
func New( kubeClient kubernetes.Interface, instance *postgres.Instance, ) *Runnable
New creates a new Runnable.
func (*Runnable) Acquire ¶
Acquire signals the runnable to start competing for the lease using the provided configuration, then blocks until the lease is held or ctx is cancelled. The configuration is only applied by the first call; subsequent calls reuse the timings captured at activation time.
func (*Runnable) Release ¶
Release explicitly releases the lease so that a replica can promote without waiting for the TTL to expire. It is a no-op if this pod is not the current holder (including if the lease does not exist yet). Callers must pass a fresh (non-cancelled) context; the previous run context is already cancelled by the time this is called. When invoked from the defer in cmd.go, controller-runtime has already waited for all runnables (including PostgresLifecycle) to finish, so PostgreSQL is down and releasing the lease lets a replica promote at once.
An in-place instance-manager online upgrade is the exception: PostgresLifecycle keeps PostgreSQL running while InstanceManagerIsUpgrading is set, so this instance is still the primary. Releasing then would blank the holder while we keep serving writes, opening a window for a replica to promote. We keep the lease held instead; the Identity is the pod name, which the replacement instance manager reuses, so it re-adopts the lease with no hand-over and no free-lease window.
This guard is reliable on a successful upgrade because reloadInstanceManager replaces the process with syscall.Exec, which discards the deferred reset of InstanceManagerIsUpgrading: the flag therefore stays set whenever this defer can still run. Only a failed exec resets it, and there the operator's online-upgrade failover delay covers the pod restart.
Source Files