Allow control of finalization garbage collection with .spec.deletionPolicy#1314
Merged
stefanprodan merged 1 commit intofluxcd:mainfrom Dec 19, 2024
Merged
Allow control of finalization garbage collection with .spec.deletionPolicy#1314stefanprodan merged 1 commit intofluxcd:mainfrom
.spec.deletionPolicy#1314stefanprodan merged 1 commit intofluxcd:mainfrom
Conversation
Member
stefanprodan
left a comment
stefanprodan
left a comment
There was a problem hiding this comment.
Please add a new section to the API docs right after https://github.com/fluxcd/kustomize-controller/blob/main/docs/spec/v1/kustomizations.md#prune
matheuscscp
reviewed
Dec 16, 2024
Member
matheuscscp
left a comment
matheuscscp
left a comment
There was a problem hiding this comment.
Thanks for this contribution! I think it's a really valuable one.
tenstad
reviewed
Dec 16, 2024
stefanprodan
added
enhancement
erikgb
force-pushed
the
finalizer-tuning
branch
from
0cba19c to
90c3721
Compare
Contributor
Author
|
Ok, it seems like we are approaching something here. 😸 I have just rebased and squashed all commits. The PR should be ready to merge if you are satisfied with the proposed changes. Thanks for all the reviews! 🙏 |
tenstad
reviewed
Dec 17, 2024
matheuscscp
reviewed
Dec 17, 2024
Member
matheuscscp
left a comment
matheuscscp
left a comment
There was a problem hiding this comment.
Great stuff, I'm ready to give my approval after all the open discussions are resolved!
Signed-off-by: Erik Godding Boye <egboye@gmail.com> Co-authored-by: Stefan Prodan <stefan.prodan@gmail.com> Co-authored-by: Amund Tenstad <github@amund.io>
erikgb
force-pushed
the
finalizer-tuning
branch
from
a681e26 to
c38ebab
Compare
Contributor
Author
|
@matheuscscp All discussions should now be resolved. Can you please approve CI to see if I made any mistakes in the test refactoring? |
matheuscscp
approved these changes
Dec 18, 2024
Member
matheuscscp
left a comment
matheuscscp
left a comment
There was a problem hiding this comment.
Great contribution! Thanks @erikgb
tenstad
approved these changes
Dec 18, 2024
stefanprodan
changed the title
.spec.deletionPolicy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The
prunesetting of Kustomizations has a two-fold behavior. When set totrueFLux will:We would like to have 1, but not 2, and this is currently not possible. This PR introduces a new API field allowing control over finalization garbage collection independently of
prune.Some background/motivation for this proposed enhancement:
We are using Flux to provision review environments in a multi-tenant environment (shared cluster), and our tenants are not allowed to create Kubernetes namespaces directly. Instead they have to use a custom namespace-scoped resource as a controller for the namespace (and RBAC). This indirect management of namespaces makes it hard to create Kustomizations inside review namespaces. To overcome this, we use the
targetNamespacefield. This works well when the review namespace is created. But when the review namespace is teared down by our review environment automation, there is a finalization race condition between Flux and our namespace controller. If Flux looses this race, the Kustomization is stuck in non-finalized state (because the namespace is gone) and requires manual intervention from a cluster-admin. This is something we definitely would like to avoid! Since the namespace is controlled and eventually deleted by our namespace controller, no resources are in fact orphaned if we disable FLux garbage collection.Orphaning resources is generally a bad idea, but is sometimes required. 😉
Once we agree on the naming, I will submit a PR to update the docs in the website repo.Close #662