NETOBSERV-1811 set namespace ownership #763
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/ok-to-test |
openshift-ci
bot
added
the
ok-to-test
|
New images:
They will expire after two weeks. To deploy this build: # Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:b643c95 make deploy
# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-b643c95Or as a Catalog Source: apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: netobserv-dev
namespace: openshift-marketplace
spec:
sourceType: grpc
image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-b643c95
displayName: NetObserv development catalog
publisher: Me
updateStrategy:
registryPoll:
interval: 1m |
|
@jpinsonneau - I tested this and it works. The custom labels and modifications does persist after this change. Do you think it would be useful to add regression test for this bug? |
I don't feel it's mandatory but it's good to have especially since we are going to start documenting aroud this behavior to solve the customer case linked in the ticket. FYI this apply on any yaml owned by the controller, not only namespace. |
|
Hold on, what happens with this change if we delete the FlowCollector => the namespace will be deleted as well, right? That could be too brutal. E.g. if a user installed Loki in the same namespace, they'd loose it, including its PVC etc. |
|
An alternative to setting ownership could be here to just extract the extra labels and reinject them in the desired namespace object ? wdyt? |
So if you simply invert the The console usually asks you if you want to cascade or not the deletion but I don't think it's the case using kubectl / oc commands. |
Not sure to get what you mean.. If we change for k, v := range nsExist.ObjectMeta.Labels {
if _, exists := desiredNs.ObjectMeta.Labels[k]; !exists {
desiredNs.ObjectMeta.Labels[k] = v
}
}
I'm not against that but I think it's a different thing. Here reading @stleerh 's ticket, I don't think he wants to make the namespace unmanaged. It's more a matter of having it co-managed, we want to manage the bits that we need but without deleting stuff written by others. In fact, we already do that for some resources, like Services: on update, we don't recreate them totally from scratch, we keep some existing bits. The 5 lines of code above would just do that. |
github-actions
bot
removed
the
ok-to-test
|
@jotak following our discussion I reworked the code to implement a @memodi sorry we changed the way it's implemented here. Let's validate the approach before doing QE validation. |
|
merging for branch cut, to be verified post-merge |
Description
Set namespace ownership using a new
netobserv-managed: truelabel so users can bypass reconcile loop if they want to customize labels by setting it to false.The
ownerReferenceis not set to namespace object to avoid unexpected deletions.Dependencies
n/a
Checklist
If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.