search

admiraltyio / admiralty

A system of Kubernetes controllers that intelligently schedules workloads across clusters.
https://admiralty.io
Apache License 2.0
683 stars 86 forks source link

reconciliation for PodChaperons #151

Closed ahmetb closed 1 year ago

ahmetb commented 2 years ago

I don't know if this is tracked (maybe #145 ?) but it seems like if someone goes and deletes PodChaperon in a target cluster, it is not reconciled indefinitely.

adrienjt commented 2 years ago

First of all, why would someone do that?

Could you prevent that from happening? PodChaperons are sort of an implementation detail, so RBAC could hide them.

If not, would you like the PodChaperon to be recreated (with a similar consequence as recreating delegate pods when they're deleted, which is that proxy pods appear to resurrect and surprise controllers that don't expect it, as in #149)?

Or should the proxy pod show the last status of the deleted delegate pod? Do we need PodChaperon / delegate pod deletion protection finalizers (like PV/PVC protection) to ensure that the last status is captured.

Should we delete the proxy pod, as mentioned in #145?

ahmetb commented 2 years ago

First of all, why would someone do that?

An example I can think of is etcd backup/restore.

Without tracking Podchaperons, it can lead to orphaned PodChaperons when a proxy pod is deleted, or a proxy pod might think a chaperon exists whereas it was gone during a restored backup.

adrienjt commented 1 year ago

orphaned PodChaperons when a proxy pod is deleted

fixed by #180

or a proxy pod might think a chaperon exists whereas it was gone

proxy pod should be deleted in this case