search

cybozu-go / accurate

Kubernetes controller for multi-tenancy. It propagates resources between namespaces accurately and allows tenant users to create/delete sub-namespaces.
https://cybozu-go.github.io/accurate/
Apache License 2.0
34 stars 5 forks source link

Should clean up previously propagated namespace labels/annotations #98

Closed erikgb closed 5 months ago

erikgb commented 9 months ago

What

Ref. docs:

Accurate currently does not delete previously propagated labels when deleted from the parent namespace to prevent unintended deletions. Users are expected to manually delete labels/annotations that are no longer needed.

I wonder which kind of "unintended deletions" are referred to here. I would expect Accurate to clean up a previously propagated namespace label/annotation (based on Kubernetes managedFields ownership) when the desired state of parent/template NS (or SubNamespace) indicates that a label/annotation should not be propagated.

Could a migration to SSA (Server Side Apply) aid in this? Since controller-runtime still has limited support for SSA, ref. https://github.com/kubernetes-sigs/controller-runtime/issues/347, we probably must migrate to Unstructured instead of structured types. But IMO I think it would be worth it.

How

Describe how to address the issue.

Checklist

ymmt2005 commented 8 months ago

Could a migration to SSA (Server Side Apply) aid in this?

I think so.