Skip setting owner refs for objects that don't support it #184
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
Welcome @tomasaschan! |
|
Hi @tomasaschan. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-ok-to-test
k8s-ci-robot
added
sig/api-machinery
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
| if owner.GetNamespace() != "" && owner.GetNamespace() != o.Namespace { | ||
| // a namespaced object can only own objects within the same namespace, not objects in other namespaces or cluster-scoped objects | ||
| // for any other combination, skip setting owner reference here, to allow declarative.SourceAsOwner to be used for the | ||
| // subset of objects that make up a supported combination |
There was a problem hiding this comment.
This condition should be logged like above.
There was a problem hiding this comment.
I agree we should alert, but I've been thinking about who we are alerting for. I think the answer is that we are alerting for the addon operator developer, but not the addon operator user. There's actually a whole set of these, particularly as we improve the functionality (e.g. reuse of the RESTMapper), which include recommended but not required code changes.
I think I'm going to merge this PR as-is therefore, but then try to implement a "developer notification" mode.
There was a problem hiding this comment.
@justinsb I'm happy to amend this PR with logging if you'd like, but we currently have a rather ugly workaround with a custom declarative.WithObjectTransform that would be nice to get rid of, so if merging this and then adding new logging mechanism can be done in separate step's I'll be happy about it :)
|
/approve |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: justinsb, tomasaschan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
What this PR does / why we need it:
Before this fix, a declarative controller using
declarative.WithOwner(declarative.SourceAsOwner)will end up in an infinite reconciliation loop if any of the manifests in the package do not support having the declarative object as its owner.For example, consider a namespaced declarative object
foo/fooof typeFoo, installing a package that adds a few objects (say, twoBars) in the same namespace plus another object (say, aBaz) in a fixed namespacequx. With the old behavior of this reconciler, the following happens:The reconciler creates all objects in the package, setting owner references to an object with the same group, version, kind and name as the declarative object, and the same namespace as each respective object from the package. In other words, we get two
Bars infooowned byfoo/foo, and aBazinquxowned byqux/foo.Since
qux/foodoes not exist, the API server decides that it must have been deleted, and that meansqux/bazshould also be deleted (its owner no longer exists).The reconciler is notified, and determines that
qux/bazis missing, re-adding it again with an owner reference toqux/foo.Go back to step 2.
With the change in this PR, the reconciler will instead skip setting an owner reference on
qux/foo, avoiding the infinite loop at the cost ofqux/foonow being a "dangling" object; if/when the declarative objectfoo/foois deleted,qux/foowill be left untouched in the cluster.Which issue(s) this PR fixes:
Fixes #176