Add a webhook for namespace deletion #719
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Deploy Preview for kubernetes-sigs-kmm ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: qbarrand The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
cncf-cla: yes
qbarrand
force-pushed
the
ns-deletion-finalizer
branch
from
a49e36c to
2574a94
Compare
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #719 +/- ##
==========================================
- Coverage 79.09% 78.88% -0.21%
==========================================
Files 51 52 +1
Lines 5109 3998 -1111
==========================================
- Hits 4041 3154 -887
+ Misses 882 653 -229
- Partials 186 191 +5 ☔ View full report in Codecov by Sentry. |
ybettan
reviewed
Jan 31, 2024
| - do not delete any namespace containing at least a `Module` resource. | ||
| To avoid situations where KMM is unable to unload the kernel module from nodes, make sure those resources are not | ||
| deleted while the `Module` resource is still present in the cluster in any state, including `Terminating`. | ||
| KMM ships with an admission webhook that rejects the deletion of namespaces that contain at least one `Module` |
There was a problem hiding this comment.
Suggested change
| KMM ships with an admission webhook that rejects the deletion of namespaces that contain at least one `Module` | |
| KMM ships with a validating admission webhook that rejects the deletion of namespaces that contain at least one `Module` |
ybettan
reviewed
Jan 31, 2024
ybettan
reviewed
Jan 31, 2024
This commit makes KMM set the kmm.node.k8s.io/contains-modules label on all namespaces that contain at least one Module. It also adds a new webhook to the bundle and the corresponding handler in the manager. The new webhook rejects namespace deletions if the kmm.node.k8s.io/contains-modules label is present on the namespace. This avoids entering situations where the namespace is being deleted and KMM cannot create unloading Pods to honor Module deletion.
qbarrand
force-pushed
the
ns-deletion-finalizer
branch
from
2574a94 to
304f486
Compare
|
@mresvanis @yevgeny-shnaidman @ybettan PTAL 🙂 |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
qbarrand
added a commit
to qbarrand/kernel-module-management
that referenced
this pull request
Mar 6, 2024
This commit makes KMM set the kmm.node.k8s.io/contains-modules label on all namespaces that contain at least one Module. It also adds a new webhook to the bundle and the corresponding handler in the manager. The new webhook rejects namespace deletions if the kmm.node.k8s.io/contains-modules label is present on the namespace. This avoids entering situations where the namespace is being deleted and KMM cannot create unloading Pods to honor Module deletion.
k8s-ci-robot
pushed a commit
that referenced
this pull request
Mar 6, 2024
* Add a webhook for namespace deletion (#719) This commit makes KMM set the kmm.node.k8s.io/contains-modules label on all namespaces that contain at least one Module. It also adds a new webhook to the bundle and the corresponding handler in the manager. The new webhook rejects namespace deletions if the kmm.node.k8s.io/contains-modules label is present on the namespace. This avoids entering situations where the namespace is being deleted and KMM cannot create unloading Pods to honor Module deletion. * Restrict checks for image existence (#734) Before populating the NodeModulesConfig object, only check if built or signed image exist on the registry. Add a log message when the NodeModulesConfig is not populated for that reason. * Make slight changes to the CRDs (#736) Module: make moduleName an optional field. ManagedClusterModule: make spokeNamespace a required field.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit makes KMM set the
kmm.node.k8s.io/contains-moduleslabel on all namespaces that contain at least oneModule.It also adds a new webhook to the bundle and the corresponding handler in the manager.
The new webhook rejects namespace deletions if the
kmm.node.k8s.io/contains-moduleslabel is present on the namespace. This avoids entering situations where the namespace is being deleted and KMM cannot create unloading Pods to honorModuledeletion.Fixes #708
/cc @mresvanis @yevgeny-shnaidman @ybettan