Kong Hybrid Issues with Kong Leader Election


We run kong in hybrid mode and noticed since the last deployment that when running hybrid mode no configmap is created for leader election but pods still try to update the Configmap that was used before.

Should this configmap be created manually?

I see that the RBAC shows

k describe role -n api-gateway kong-kong
Name:         kong-kong
Labels:       app.kubernetes.io/instance=kong
Annotations:  <none>
  Resources                       Non-Resource URLs  Resource Names                              Verbs
  ---------                       -----------------  --------------                              -----
  events                          []                 []                                          [create patch]
  configmaps                      []                 []                                          [get create list watch update patch delete]
  leases                          []                 []                                          [get list watch create update patch delete]
  configmaps.coordination.k8s.io  []                 []                                          [get list watch create update patch delete]
  leases.coordination.k8s.io      []                 []                                          [get list watch create update patch delete]
  configmaps                      []                 [kong-ingress-controller-leader-kong-kong]  [get update]
  endpoints                       []                 []                                          [get]
  namespaces                      []                 []                                          [get]
  pods                            []                 []                                          [get]
  secrets                         []                 []                                          [get]
  services                        []                 []                                          [get]

But configmap kong-ingress-controller-leader-kong-kong was nerver created

The permission set is static. It needs to support either mode and there’s not much reason to remove that permission since it’s only for the single ConfigMap that the controller creates in its own namespace. DB-less instances won’t actually participate in leader election or modify the ConfigMap.