-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resolving refs finds objects in terminating state #261
Comments
Fixes: crossplane#261 Signed-off-by: Lars Haugan <lars@larshaugan.net>
Fixes: crossplane#261 Signed-off-by: Lars Haugan <lars@larshaugan.net>
Fixes: crossplane#261 Signed-off-by: Lars Haugan <lars@larshaugan.net>
Fixes: crossplane#261 Signed-off-by: Lars Haugan <lars@larshaugan.net>
Fixes: crossplane#261 Signed-off-by: Lars Haugan <lars@larshaugan.net>
What is the scenario that requires you to reference a |
Yeah, this is about being able to recreate (or just delete) a composition or managed object that is referenced from another. For example, if you have an App and a DB, and the DB references the App in an inbound security group rule. #328 will definitively help, but wouldn't it be 50-50 selecting the terminating object instead? So after 6 reconciles there's a 1% chance of all the reconciles selecting the terminating object? And AWS will not allow that object to terminate because of the reference. And if the new object is "named" in AWS and not "random ID"-based, there will never be two objects available at the same time. In that case, the situation will never clear up. So I think during resolution, we should still skip terminating objects, but the implementation will be much simpler thanks to #328. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
/fresh |
Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as |
What happened?
When using references to other objects, the object is resolved even though the referenced object is in a terminating state.
How can we reproduce it?
We can reproduce this with the usage of AWS
SecurityGroups
where AWS checks if the SG ID is in use elsewhere.Delete the application security group that is referenced by redis security group, which will hang because of blocking AWS api.
This will result in the following, since redis-sg now depends on app-sg, and on reconcile the object reference will see the app-sg even though it is in an unready state.
The event on app-sg is the following:
Expected behaviour
In #250 it is describe that it should work with clearing the reference, but this does not seem to be the case.
I assume that there is a missing condition at references.go as the destination object is not checked.
What environment did it happen in?
Crossplane version: 1.1.0
Cloud provider: provider-aws 0.17 + PR crossplane-contrib/provider-aws#614
Kubernetes version: 1.18
Kubernetes distribution: EKS
The text was updated successfully, but these errors were encountered: