-
Notifications
You must be signed in to change notification settings - Fork 38.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Finalizer Removal Race Condition / Json StrategicMergePatch Delete by Value #111643
Comments
/sig api-machinery |
your custom resource set ownerreferences to node, so while deleting node, the garbage collector controller will wait your object to be deleted and then remove foregroundDeletion finilizer, if just this time, your operator also remove your customer finilizer myotherfinalizer, it may cause the error you said above as conflict. |
I need my finalizer in all cases, even if the user uses --orphan on the parent resource. The challenge here is that I don't have a mechanism via the Kubernetes API to remove a single finalizer, and the API Server appears to have an eventually consistent view of the world when checking my patch. |
/assign @caesarxuchao @lavalamp |
Have you tried with serverside apply? If we have annotated the type correctly, you should be able to do this. |
Will give it a shot. Will that merge lists? |
It will. Lists of primitives don't have a direct deletion incantation. You may have to own it and then send a change omitting it to have the server remove it. Fortunately you probably already own it -- you can look at existing objects to see if it is owned separately and what the manager's name is if so. cc @apelisse |
What this means is that every time you do a server-side apply, you MUST specify the finalizer, until you want to remove it, then you should apply without it and it will drop it. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
Thanks! |
Just in case anyone else runs across this issue, this is also solved by strategic merge patching (which has a delete by key concept on primitive lists), the only problem with that solution is that it only works for core API types, CRDs still don't have support for strategic merge patching; so, a good out if you don't want to go down the SSA path is just to do a plain Update and deal with the conflicts. |
@jonathan-innis wanna open an issue for this? (is there already one?) |
There is no plan to support strategic merge patch on CRDs. JSON patch, merge patch, and server-side apply are it. |
What happened?
I work on an operator that applies a finalizer on node objects. When a nodes is deleted, my operator checks for the existence of the underlying instance object and removes the finalizer if the instance is gone. Additionally, my operator applies ownerreferences to node objects that reference a parent object.
Here's the order of operations:
finalizers = { foregroundDeletion, myotherfinalizer }
finalizers = { foregroundDeletion }
This quickly self heals and retries, but results in pretty noisy logs. My guess is that the API Server I'm receiving the watch event from is different from the API Server I'm sending the PATCH request to, and the second API Server doesn't yet have knowledge of the
foregroundDeletion
finalizer.I was looking into ways to delete an object by value via a merge patch (e.g., ask specifically for my finalizer to be deleted, w/o knowledge of other finalizers), but it looks like this isn't currently supported by the spec: json-patch/json-patch2#18.
What did you expect to happen?
There are a couple of paths I see here:
How can we reproduce it (as minimally and precisely as possible)?
Minimal controller-runtime controller that removes a finalizer and trigger w/ foreground deletion request.
Anything else we need to know?
No response
Kubernetes version
Cloud provider
OS version
Install tools
Container runtime (CRI) and version (if applicable)
Related plugins (CNI, CSI, ...) and versions (if applicable)
The text was updated successfully, but these errors were encountered: