jmleddy
commented
1 month ago Here's the reproducer if needed:
james@M-D19FP4G4QL ~/src/kube-resources $ kubectl get sa vmagent-az1
NAME SECRETS AGE
vmagent-az1 0 95d
james@M-D19FP4G4QL ~/src/kube-resources $ kubectl get sa vmagent-az1 -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: "2024-02-09T15:55:25Z"
finalizers:
- apps.victoriametrics.com/finalizer
<snip>
james@M-D19FP4G4QL ~/src/kube-resources $ kubectl delete sa vmagent-az1
serviceaccount "vmagent-az1" deleted
^Z
[1]+ Stopped kubectl delete sa vmagent-az1
james@M-D19FP4G4QL ~/src/kube-resources $ kubectl get sa vmagent-az1 -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: "2024-02-09T15:55:25Z"
deletionGracePeriodSeconds: 0
deletionTimestamp: "2024-05-15T12:56:27Z"
finalizers:
- apps.victoriametrics.com/finalizer
<snip
james@M-D19FP4G4QL ~/src/kube-resources $ kubectl get pods
NAME READY STATUS RESTARTS AGE
vmagent-az1-0 3/3 Running 0 6d15h
vmagent-az2-0 3/3 Running 0 6d15h
james@M-D19FP4G4QL ~/src/kube-resources $ kubectl rollout restart sts vmagent-az1
statefulset.apps/vmagent-az1 restarted
james@M-D19FP4G4QL ~/src/kube-resources $ kubectl get pods
NAME READY STATUS RESTARTS AGE
vmagent-az1-0 1/3 PostStartHookError 0 (13s ago) 89s
vmagent-az2-0 3/3 Running 0 6d16h
james@M-D19FP4G4QL ~/src/kube-resources $
f41gh7
Currently, if by mistake ServiceAccount ( or any other object) was deleted, operator doesn't remove finalizer for it. Since parent object wasn't marked as deleted. It blocks kubernetes control-plain operations.
Proposed solution: 1) check for deletion timestamp. 2) if timestamp is not zero, remove finalizer and raise an error 3) object must be recreated and the next reconcile loop.