Open bittner opened 3 years ago
AFAIK the tests should cover this...
We should also check for possible race conditions. Maybe a simple sleep 5
fixes it, or a cleanup before applying (which could also be dangerous).
I noticed that the current oc image is using seiso 0.6.0, which is very outdated. There have been lots of changes since, but no new release tag (maybe it got forgotten). I have now pushed 0.7.0 and I'm going to update the oc image as well.
After that, please try again with Seiso 0.7.0
There's now a new oc image available with Seiso 0.7.0. Please try again and see if the issue still persists.
Using the latest version of Seiso in the pipeline has resolved the issue for the customer.
This issue is still present in Seiso 0.7.1. We are using the latest appuio/oc image on GitLab. Since seiso
is slow at computing the objects in use, we've started to run it after oc apply
to avoid delaying the deployment process.
As a result, a deployment on APPUiO half an hour ago deleted the ConfigMap that is being referred to by the active Deployment object:
...
$ seiso configmaps -l app=lawbrary3 --delete
level=info msg="Seiso 0.7.1, commit fddf46ce9081c232cb98084f22abe254fd889165, date 2020-11-17T09:34:43Z"
level=info msg="Deleted ConfigMap lawb-production/grafana-datasources-86t8876df9"
...
Please, reopen the issue!
Seiso again deleted a ConfigMap in a pipeline run today, even though there was only one ConfigMap left and the default is --keep 3:
...
$ seiso configmaps -l app=lawbrary3 --delete
level=info msg="Seiso 0.7.1, commit fddf46ce9081c232cb98084f22abe254fd889165, date 2020-11-17T09:34:43Z"
level=info msg="Deleted ConfigMap lawb-production/grafana-datasources-86t8876df9"
...
Please fix this problem and warn your customers about this bug. It would also help if more information were printed about the (default) settings being used and why a candidate was selected for deletion.
The use of seiso configmaps
is dangerous in its current state.
Hi Peter
We understand the situation is annoying for you. Seiso is clearly not production ready. Would you mind opening a support ticket at control.vshn.net if this is urgent for you? Our engineering focus is currently not with Seiso.
Hello,
I think this was certainly linked to #49, which fixed ResourceContains in kubernetes/utils.
Indeed, I opened that PR because seiso was deleting images that were currently in use.
To explain why I'm almost sure the current issue is fixed:
The method GetUnused in pkg/configmap/configmap.go (lines 64-89) uses ResourceContains
to check whether a ConfigMap's name is referenced by any resource defined in the namespace.
It only checks resources of the types defined in openshift.PredefinedResource.
I think that should be fine, because this list contains Deployment and ReplicaSet.
Before the fix in #49, ResourceContains
performed this check only for the first resource in the namespace. Now it checks all resources for whether the config is used.
That explains why the ConfigMap-deletion bug was difficult to reproduce in a real environment.
Furthermore, the ConfigMap unit test mocked ResourceContains, which is why it always passed.
ConfigMaps that are still in use should not be deleted (as confirmed by the README).
Unfortunately, the current implementation seems to identify ConfigMaps that are still in use as deletion candidates. This results in
ConfigMap
manifests being deleted for deployments that are running at that very moment, and in failing volume mounts for those ConfigMaps when pods are restarted. This should be fixed by constructing a test case that manages to reproduce the behavior.
Related source locations
Example
A somewhat complete example of a Kustomize-based deployment, followed by a Seiso run:
Note the ConfigMap with the "7tc6fdbf65" hash that is being deleted, even though it's obviously included in the deployment.