clivez closed 4 years ago
we are not interfacing with the container runtime, and it is on purpose. I don't consider "pause container deleted by accident" a valid production scenario. Nobody shall have access to the direct container runtime APIs in a production environment besides Kubelet.
and just to be clear :) we also firmly consider interfacing with the container runtime out of scope as well. that is a dependency we don't want to introduce into any part of the DANM eco-system. hence closing this ticket with won't fix
Levo, Product is doing such testing - delete pause container, and this is a real case that will happen. "out of scope" is a technical judgement, while the business needs a solution for such a case.
just because you created a test case for an imagined scenario, it doesn't mean it is a real-life production scenario. the business solution can -and should- be applying appropriate access control on your container runtime APIs, making sure no one can manually delete a running container. manually deleting containers can have other side effects, not just networking related. dangling volume mounts, out of sync network device allocations etc.
A deployment with replicas 4 is created, using danmnet 'test-net1' only.
Then the pause container of one pod is forcibly deleted.
After that the pod got a new IP address, but the previous one was not released.