Skip to content
This repository has been archived by the owner on Jun 26, 2023. It is now read-only.

HNC: Allow NS deletion if the request cannot be decoded in K8s versions <1.15 #688

Closed
yiqigao217 opened this issue May 4, 2020 · 1 comment · Fixed by #747
Closed

HNC: Allow NS deletion if the request cannot be decoded in K8s versions <1.15 #688

yiqigao217 opened this issue May 4, 2020 · 1 comment · Fixed by #747
Milestone
hnc-v0.4

Comments

@yiqigao217
Copy link
Contributor

See #680

A workaround to make it safer before the issue is fixed is to: Allow namespace deletion if the request cannot be properly decoded in the namespace webhook.

This workaround makes it possible to delete namespaces in <1.15 but won't prevent deleting self-service namespaces by mistake. It shouldn't affect any HNC features in >=1.15.
@yiqigao217
Copy link
Contributor Author

/cc @adrianludwin to add v0.4 milestone

@adrianludwin adrianludwin added this to the hnc-v0.4 milestone May 4, 2020
adrianludwin added a commit to adrianludwin/multi-tenancy that referenced this issue May 20, 2020
@adrianludwin
Allow namespace deletion in K8s 1.14
6cd1100 
See kubernetes-retired#688. If we
can't validate the deletion because OldObject doesn't exist, we need to
just allow the deletion.

In the case of a namespace with children and allowCascadingDelete
*unset*, this will delete the parent but *not* the children; they will
be left with two conditions (CritMissingParent and
MissingSubnamespaceAnchor). If allowCascadingDelete *is* set, everything
will work properly.

Tested: verified that everything works as expected in 1.14 and that
there are no changes in 1.16.
@adrianludwin adrianludwin mentioned this issue May 20, 2020
Merged
adrianludwin added a commit to adrianludwin/multi-tenancy that referenced this issue Jul 15, 2020
@adrianludwin
Unbreak object validator on 1.14
b8922bb 
See kubernetes-retired#688 and kubernetes-retired#889 - validators need to be able to handle that OldObject
might not be populated in K8s 1.14

Tested: can delete an empty (!) subnamespace in 1.14 with this change,
while it hangs forever and prints out error messages from the object
validators without this change. See kubernetes-retired#889 for more information.
@adrianludwin adrianludwin mentioned this issue Jul 15, 2020
Merged
adrianludwin added a commit to adrianludwin/multi-tenancy that referenced this issue Jul 22, 2020
@adrianludwin
Unbreak object validator on 1.14
162841f 
See kubernetes-retired#688 and kubernetes-retired#889 - validators need to be able to handle that OldObject
might not be populated in K8s 1.14

Tested: can delete an empty (!) subnamespace in 1.14 with this change,
while it hangs forever and prints out error messages from the object
validators without this change. See kubernetes-retired#889 for more information.
@adrianludwin adrianludwin mentioned this issue Jul 22, 2020
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
hnc-v0.4
Development

Successfully merging a pull request may close this issue.

Allow namespace deletion in K8s 1.14 adrianludwin/multi-tenancy
2 participants
@adrianludwin @yiqigao217