fm2022aa
commented
4 months ago great
Closed FxKu closed 3 months ago
fm2022aa
commented
4 months ago great
hughcapet
commented
3 months ago 👍
FxKu
commented
3 months ago :+1:
barthy1
commented
3 months ago Thank you for this great work! When this feature is going to be released?
holgerson97
commented
2 months ago Thank you for this great work! When this feature is going to be released?
@barthy1 it's already in 1.13.0 and I am testing it.
This a follow up to #2199 with some greater changes. The most important part of owner references is the cascaded removal of child resources which bypasses the delete protection offered by our operator.
Quick reminder about delete protection: this checks pre-defined annotations before calling delete code but cannot block the actual kubectl delete call itself. This you could only achieve with a K8s admission controller which, for example, does the same annotation checks.
We use the latter at Zalando, but some folks out there might rely on the protection by the operator. Therefore, we should not enable owner references by default but make it configurable.
2199 also lacked code to update existing resources once you start using owner references or vice versa remove them. Like with the recently added annotation inheritance, this produced many code extensions. I’ve also found some oversights from #2657 which I’ve fixed along the way. All owner references syncs are done with Update API calls, which requires extending the RBAC.
A new e2e test is added which tests syncing owner references in both directions and deleting the acid-test-cluster cascadingly which was previously done in the multi namespace test. Some unit test were extended, too.
closes #2199 fixes #498