-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NETOBSERV-1811 set namespace ownership #763
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/ok-to-test |
New images:
They will expire after two weeks. To deploy this build: # Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:b643c95 make deploy
# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-b643c95 Or as a Catalog Source: apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: netobserv-dev
namespace: openshift-marketplace
spec:
sourceType: grpc
image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-b643c95
displayName: NetObserv development catalog
publisher: Me
updateStrategy:
registryPoll:
interval: 1m |
@jpinsonneau - I tested this and it works. The custom labels and modifications does persist after this change. Do you think it would be useful to add regression test for this bug? |
I don't feel it's mandatory but it's good to have especially since we are going to start documenting aroud this behavior to solve the customer case linked in the ticket. FYI this apply on any yaml owned by the controller, not only namespace. |
Hold on, what happens with this change if we delete the FlowCollector => the namespace will be deleted as well, right? That could be too brutal. E.g. if a user installed Loki in the same namespace, they'd loose it, including its PVC etc. |
An alternative to setting ownership could be here to just extract the extra labels and reinject them in the desired namespace object ? wdyt? |
So if you simply invert the The console usually asks you if you want to cascade or not the deletion but I don't think it's the case using kubectl / oc commands. |
Not sure to get what you mean.. If we change for k, v := range nsExist.ObjectMeta.Labels {
if _, exists := desiredNs.ObjectMeta.Labels[k]; !exists {
desiredNs.ObjectMeta.Labels[k] = v
}
}
I'm not against that but I think it's a different thing. Here reading @stleerh 's ticket, I don't think he wants to make the namespace unmanaged. It's more a matter of having it co-managed, we want to manage the bits that we need but without deleting stuff written by others. In fact, we already do that for some resources, like Services: on update, we don't recreate them totally from scratch, we keep some existing bits. The 5 lines of code above would just do that. |
@jotak following our discussion I reworked the code to implement a @memodi sorry we changed the way it's implemented here. Let's validate the approach before doing QE validation. |
merging for branch cut, to be verified post-merge |
Description
Set namespace ownership using a new
netobserv-managed: true
label so users can bypass reconcile loop if they want to customize labels by setting it to false.The
ownerReference
is not set to namespace object to avoid unexpected deletions.Dependencies
n/a
Checklist
If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.