-
Notifications
You must be signed in to change notification settings - Fork 821
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add annotation to the the resource template to prevent removal managed resources #4788
base: master
Are you sure you want to change the base?
Add annotation to the the resource template to prevent removal managed resources #4788
Conversation
c0d0ad6
to
a874076
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## master #4788 +/- ##
==========================================
+ Coverage 53.31% 53.34% +0.02%
==========================================
Files 252 253 +1
Lines 20539 20565 +26
==========================================
+ Hits 10951 10971 +20
- Misses 8862 8868 +6
Partials 726 726
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
a874076
to
c5994f0
Compare
7884969
to
c5994f0
Compare
7c42d71
to
97504f8
Compare
6411574
to
a302c57
Compare
a302c57
to
0a5d11d
Compare
9c6f601
to
fb5afd1
Compare
|
||
// OrphaningDeletionIncomplete means that work object and the resource willed be kept. | ||
// But if work object deleted manually, cleanup the labels/annotations from the resource on member clusters | ||
OrphaningDeletionIncomplete OrphaningDeletion = "Incomplete" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a usage scenario for this type?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a usage scenario for this type?
Refer to #3004
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After reading the description and discussion in this issue, it seems that the work is not required to be retained. In terms of use, what can be done to retain work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can first just implement Complete
and Never
, and discuss the other options later once we have more specific requirements.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can first just implement Complete and Never, and discuss the other options later once we have more specific requirements.
All right!
if err := helper.DeleteWorks(c.Client, req.Namespace, req.Name, binding.Labels[workv1alpha2.ResourceBindingPermanentIDLabel]); err != nil { | ||
klog.Errorf("Failed to delete works related to %s/%s: %v", binding.GetNamespace(), binding.GetName(), err) | ||
return controllerruntime.Result{}, err | ||
if binding.Spec.OrphaningDeletion == policyv1alpha1.OrphaningDeletionNever || binding.Spec.OrphaningDeletion == policyv1alpha1.OrphaningDeletionComplete { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd suggest using a switch
here, as it will make the logic clearer. It will also make it easier for us to add comments for each case
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd suggest using a switch here, as it will make the logic clearer. It will also make it easier for us to add comments for each case.
Only one case now, it's not necessary
4f30d77
to
ed29102
Compare
// +kubebuilder:default="Never" | ||
// +kubebuilder:validation:Enum=Never;Complete | ||
// +optional | ||
OrphaningDeletionPolicy OrphaningDeletionPolicyType `json:"orphaningDeletionPolicy,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe we only need to add this field in PP
. The work
does not require this field.
In addition, I don't think the current implementation can fully handle all situations.
Here's a new idea:
When users set orphaningDeletionPolicy
of PP as Complete
.
The specific implementation should be adding an annotation
on the workloadTemplat
e of the control plane, similar to orphaningDeletionPolicy.karmada.io: "Complete"
Then when deleting workloadTemplate
in execution_controller
, check if workloadTemplate
has annotation orphaningDeletionPolicy.karmada.io
. If it is Complete
, do not delete it.
The benefits are:
- The personnel creating the
workloadTemplate
can also control whether this application needs to be retained in member clusters, rather than only those who create PP. - Resources like namespace that do not have
PP
can also be deleted on the control plane without being deleted from member clusters.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Then when deleting workloadTemplate in execution_controller, check if workloadTemplate has annotation orphaningDeletionPolicy.karmada.io. If it is Complete, do not delete it.
Execution controller must watch all origin resource such as resourceTemlate 、namespace and so on, which make too complicated, I don't think that's a good idea.
I think for namespace, can add annotation like orphaningDeletionPolicy.karmada.io: "Complete"
; FederatedResourceQuota those create work object direct, by adding field orphaningDeletionPolicy: Complete
if necessary
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Execution controller must watch all origin resource such as resourceTemlate 、namespace and so on
There's no need, this is existing logic.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is no different from directly adding annotations to the resource template. In addition, users can directly skip pp to control the annotation value on the resource template.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is no different from directly adding annotations to the resource template. In addition, users can directly skip pp to control the annotation value on the resource template.
Yes, I think that's reasonable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe we only need to add this field in PP. The work does not require this field.
+1, but I prefer to decouple from PP/CPP, cause I'm afraid this is very unfriendly to administrators if the system also has the PropagationPolicyPreemption
feature turned on. in addition, I feel that propagation policies are becoming more and more complex, and almost all new features must consider adding APIs to it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
but I prefer to decouple from PP/CPP, cause I'm afraid this is very unfriendly to administrators if the system also has the PropagationPolicyPreemption feature turned on.
Can you give an example of this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, I get your meaning. How do you think @CharlesQQ @chaunceyjiang @RainbowMango
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
but I prefer to decouple from PP/CPP, cause I'm afraid this is very unfriendly to administrators if the system also has the PropagationPolicyPreemption feature turned on.
I do not quite understand how unfriendly
here, I think the preemption is clear that after a PropagationPolicy(with higher priority) successfully preempted a resource, then the resource should be propagated as per the PropagationPolicy.
Hi @CharlesQQ @chaunceyjiang Is there any blockage in this PR now? Can we move forward? |
|
||
// OrphaningDeletionComplete means that the resource in member clusters completely independent of karmada | ||
// Not only cleanup the labels/annotations from the resource on member clusters, but also delete work object in control plane | ||
OrphaningDeletionComplete OrphaningDeletionPolicyType = "Complete" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Complete sounds a bit confusing. Is it possible to call it CompleteDelete
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ArgoCD uses the term "cascade"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#4788 (comment) Regarding this plan, it seems that there is no conclusion yet? |
Let's invite @RainbowMango and @whitewindmills give some opinion. |
if err := helper.DeleteWorks(c.Client, req.Namespace, req.Name, binding.Labels[workv1alpha2.ResourceBindingPermanentIDLabel]); err != nil { | ||
klog.Errorf("Failed to delete works related to %s/%s: %v", binding.GetNamespace(), binding.GetName(), err) | ||
return controllerruntime.Result{}, err | ||
if binding.Spec.OrphaningDeletionPolicy == policyv1alpha1.OrphaningDeletionNever || binding.Spec.OrphaningDeletionPolicy == policyv1alpha1.OrphaningDeletionComplete { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
feel unnecessary to add such a statement.
/assign |
Yes, To sum up, it seems inappropriate to put fields in pp/cpp |
@XiShanYongYe-Chang @RainbowMango @CharlesQQ @whitewindmills |
We may not reached a unanimous conclusion yet. Work suspension might also can learn from this discussion. They are both processing policies for resource templates and can be decoupled from PP. There should be three options at this point,
You can publish it, or we can have a meeting to discuss and decide. |
Can we set up a time to discuss this plan? When would be a good time for you, or maybe next Tuesday at the community meeting? |
Any update on this one? |
@buji-code Yeah, after discussion at the community meeting, we decided to try out solution 2 and 3. This work will start in the next release, early next month. |
Hi guys @CharlesQQ @whitewindmills @chaunceyjiang @RainbowMango @buji-code Can we proceed with |
ed29102
to
ac35a37
Compare
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
ac35a37
to
ea6e382
Compare
…vent removal managed resources Signed-off-by: chang.qiangqiang <[email protected]>
ea6e382
to
2e44070
Compare
@@ -152,11 +152,21 @@ func (c *Controller) tryDeleteWorkload(clusterName string, work *workv1alpha1.Wo | |||
klog.Errorf("Failed to unmarshal workload, error is: %v", err) | |||
return err | |||
} | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can write an e2e to test this PR.
- Check whether the resources in the member cluster have cleared the unique label of karmada.
- Detect whether the resource still exists in the member cluster after the control plane deletes it.
- The resources tested should include
namespace
resources.
What type of PR is this?
What this PR does / why we need it:
Extend the API field orphaningDeletion to prevent removal managed resources
Which issue(s) this PR fixes:
Fixes #4709
Special notes for your reviewer:
Does this PR introduce a user-facing change?: