Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provide a way to identify operator generated resoruces #50

Open
bergerx opened this issue May 25, 2020 · 7 comments
Open

Provide a way to identify operator generated resoruces #50

bergerx opened this issue May 25, 2020 · 7 comments

Comments

@bergerx
Copy link
Contributor

bergerx commented May 25, 2020

It could be helpful to identify the resources created by the controller. Currently some teams in our clusters are creating their own network policies and they may get confused with the new NetworkPolicies we are injecting into their namespaces. They don't have an easy way to identify how such resources are created.

The common method for such case is to place an ownerReferences to the generated object with the triggering resource's reference (e.g. NamespaceConfig). But this will likely impact the implementation of the NamespaceConfig resources' deletion since Kubernetes itself will also try to delete the owned objects once the owner resource (NamespaceConfig) is removed.

Other options could be adding an annotation/label.

@raffaelespazzoli
Copy link
Collaborator

cross-namespace owner referenced are disallowed by design, so that is not a viable option.
as far as labels go, you can put the labels yourself in the generated objects.

@bergerx
Copy link
Contributor Author

bergerx commented May 25, 2020 via email

@bergerx
Copy link
Contributor Author

bergerx commented Jul 27, 2020

We hit the issue with the fact that the metadata field is in the default always ignore list of existing resources (https://github.com/redhat-cop/namespace-configuration-operator/tree/0c1fc135a068f1cebcbfe56d7dd9c4f0e278da13#excluded-paths). So this trick doesn't work with resources which are already created.

@raffaelespazzoli
Copy link
Collaborator

I'm not sure what you mean, could you make an example?

@raffaelespazzoli
Copy link
Collaborator

also please feel free to reopen this issue if necessary.

@simon-wessel
Copy link

cross-namespace owner referenced are disallowed by design, so that is not a viable option.

It's correct that cross-namespace owner references are not allowed, but the configs are cluster-scoped. References to cluster-scoped objects are allowed (Docs).

I am seeing issues with resource cleanup when deleting namespace configs. Using the built-in cascade delete of Kubernetes would ensure the cleanup of leftover resources. Can we reopen this issue? @raffaelespazzoli

@simon-wessel
Copy link

This has become kind of a pressing issue for us as a lot of resources are not deleted after the namespace label has been removed. We need to manually identify and delete these resources. The problem seems to have been introduced in one of the two latest patch releases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants