Closed erikgb closed 1 month ago
Another possible solution is to allow finalization, since there is no way to undelete a resource in Kubernetes, i.e. cascade delete ref. https://github.com/cybozu-go/accurate/issues/119. It should be possible to configure the Accurate webhooks to allow otherwise blocked deletes if the API call comes from Accurate or the Kubernetes garbage collector.
Describe the bug
Today we experienced a strange issue in one of our clusters: It seems like a client managed to delete a SubNamespace that should have been blocked by the Accurate SubNamespace webhook - since the sub-namespace has child namespaces. This is probably not correct, but the result is that Accurate controller is trying to do something that is blocked by the Accurate Namespace webhook.
From controller logs:
Environments
To Reproduce
Not sure if I know how to reproduce.
Expected behavior A clear and concise description of what you expected to happen.
The SubNamespace delete should have been blocked by the Accurate SubNamespace webhook. But when that is allowed go through (SubNamespace
deletionTimestamp
is set), the controller should not attempt a doomed operation.Additional context Add any other context about the problem here.