Kong Hybrid Issues with Kong Leader Election

Kubernetes
1

HI.

We run kong in hybrid mode and noticed since the last deployment that when running hybrid mode no configmap is created for leader election but pods still try to update the Configmap that was used before.

Should this configmap be created manually?

I see that the RBAC shows

k describe role -n api-gateway kong-kong
Name:         kong-kong
Labels:       app.kubernetes.io/instance=kong
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=kong
              app.kubernetes.io/version=2.8
              argocd.argoproj.io/instance=kong
              helm.sh/chart=kong-2.11.0
Annotations:  <none>
PolicyRule:
  Resources                       Non-Resource URLs  Resource Names                              Verbs
  ---------                       -----------------  --------------                              -----
  events                          []                 []                                          [create patch]
  configmaps                      []                 []                                          [get create list watch update patch delete]
  leases                          []                 []                                          [get list watch create update patch delete]
  configmaps.coordination.k8s.io  []                 []                                          [get list watch create update patch delete]
  leases.coordination.k8s.io      []                 []                                          [get list watch create update patch delete]
  configmaps                      []                 [kong-ingress-controller-leader-kong-kong]  [get update]
  endpoints                       []                 []                                          [get]
  namespaces                      []                 []                                          [get]
  pods                            []                 []                                          [get]
  secrets                         []                 []                                          [get]
  services                        []                 []                                          [get]
```

But configmap kong-ingress-controller-leader-kong-kong was nerver created
2

The permission set is static. It needs to support either mode and there’s not much reason to remove that permission since it’s only for the single ConfigMap that the controller creates in its own namespace. DB-less instances won’t actually participate in leader election or modify the ConfigMap.