New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: Resources can get stuck deleting if they were never actually created due to invalid name #2607
Comments
There are patterns we could implement to make this experience better without compromising the fault tolerance guarantees, something like:
There's a good bit of complexity in making that pattern work for all cases/resource-types though, so we haven't done it so far given the simple workaround. |
Another stopgap solution is to do a better job rejecting invalid names at the k8s APIServer level. This would make the problem rarer although it could still happen. Making name validation better wouldn't resolve the cases like the permissions one mentioned in #1273 though. |
What about doing a GET for the resource and checking for a 404 response? |
I believe that GET will also 400 BadRequest because the specified name is invalid, and if we can distinguish "this name is invalid" from an error code perspective we don't need to GET we can just PUT and say "if we get the NotValidName code count that as a success and let k8s resource delete" |
This is still something we're thinking about, but there hasn't been a lot of user clamor about it and there is a workaround so its not a high priority right now. |
|
Using VS Code and doing a regex search for instances of Regex:
Doing a similar search, but just for Regex:
This implies the majority of Manually checking the search results, here are the first ten distinct cases:
|
Version of Azure Service Operator
All versions of v2
Describe the bug
Resources which fail to create because their name is invalid can get stuck deleting. This is because the operator always issues a
DELETE
HTTP request for theAzureName
of the resource and if that delete fails does not proceed with deletion of the resource in Kubernetes. This behavior (if delete fails don't delete in k8s) is desired as it prevents users from accidentally leaking resources in their Azure subscription without realizing it.In the case that the name is bad, the DELETE fails with an error saying the name is bad. For example:
or
Workaround
Annotate the resource stuck deleting with reconcile-policy: skip, which will allow the delete to proceed.
Additional context
This has been mentioned in a number of user-filed issues:
#2478
#2586
#1273
The text was updated successfully, but these errors were encountered: