-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tanka should explicitly warn when deleting a Namespace object #311
Comments
Issue-Label Bot is automatically applying the label Links: app homepage, dashboard and code for this bot. |
What about aborting deleting a ns if a namespace contains things we don't own? |
Sounds like a good combination, have both a warning (to make sure the action was intended) and abort (because conflict of ownership). The abort might come at a performance penalty, I don't know the implementation details. |
Now that we also have I see three ways here:
I favor option 2 and we should also have the delete message print a warning that we delete a namespace and how many objects are still in there |
I don't see why Do you mean warning before confirmation? As in,
You could go one step further and say 'Type namespace default to delete:'. Personally I'm not a fan of the 'dangerous' keyword, most commands I know use |
Actually thinking about this, if we deleted everything else before namespaces (happens like this anyways), we could then check whether it is empty. If it is, no worries, delete it. If it is not, abort and let the user know. No need for warnings or more manual approval. wdyt? |
Yes, that nails it, I'd say. |
Sounds very unix-y: |
In our multi-tenant environment, we have an out of band process to create and delete namespaces (to allow setting credentials for the namepace default serviceaccount and other policies. I would not want tanka to delete the namespace even if empty because it is hard for the tenant to recreate it. |
If the namespace is not created using Tanka, it's doesn't consider it owned (no label) and not in Jsonnet, so it'll never delete it. This is only about namespaces created as part of the environment. You need to make sure to not actually include the namespace as an object in your Jsonnet though |
I'd definitely vote for an option to include/exclude the namespace in the deletion. Then also require |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
I tried to address not deleting namespaces in #477 but I think we have too jump way too many hoops and if not that there are a bunch of caveats that we don't yet see. How do we feel about just warning before the apply? Then this issue becomes low hanging fruit with little impact on how Tanka works.
|
Ha, seems like I already propose that structure. ^^ 🤦 |
A library may have something like this, pretty innocent:
If tanka uses the prune labels, it will happily label the namespace object as part of the environment, even though the object exists. Now,
tk prune
will pick up that object, just like any other and offer it tokubectl
to delete it.I'd like to propose a BIG FAT warning right before confirming for any namespace deletions, as deleting them might turn out really disastrous.
The text was updated successfully, but these errors were encountered: