为什么kube-controller-manager启动后https长连接数量是2

k8s v1.19.0

单节点集群2条长连接

编译二进制并调试

cd cmd/kube-controller-manager && go build

# vscode launch.json
{
    "name": "Launch",
    "type": "go",
    "request": "launch",
    "mode": "exec",
    "program": "/root/code/gomod/k8s.io/kubernetes/cmd/kube-controller-manager/kube-controller-manager",
    "env": {},
"args": ["--allocate-node-cidrs=true", "--authentication-kubeconfig=/etc/kubernetes/controller-manager.conf","--authorization-kubeconfig=/etc/kubernetes/controller-manager.conf","--bind-address=127.0.0.1","--client-ca-file=/etc/kubernetes/pki/ca.crt","--cluster-cidr=10.16.0.0/16","--cluster-name=kubernetes","--cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt","--cluster-signing-key-file=/etc/kubernetes/pki/ca.key","--controllers=*,bootstrapsigner,tokencleaner","--kubeconfig=/etc/kubernetes/controller-manager.conf","--leader-elect=true","--node-cidr-mask-size=24","--port=0","--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt","--root-ca-file=/etc/kubernetes/pki/ca.crt","--service-account-private-key-file=/etc/kubernetes/pki/sa.key","--service-cluster-ip-range=10.96.0.0/12","--use-service-account-credentials=true"]
}

启动日志

参考v1.26.0 kube-controller-manager

DynamicServingCertificateController基于front-proxy-ca.crt创建第1条长连接。
LeaderElection基于controller-manager.conf创建第2条长连接。
与kube-scheduler类似，因使用证书不同而创建2条不同的长连接，由informer和leaderelection维持2条长连接。