Details
-
Task
-
Resolution: Won't Do
-
Major
-
None
-
None
-
None
-
False
-
False
-
Undefined
Description
Customers sometimes create resources with (nearly?) the same labels and annotations as the ones created by the operator. When pruning, the operator deletes all resources that have the maistra.io/owner label set to the mesh namespace and don't have the correct app.kubernetes.io/version set.
We can improve this by only deleting resources that also have the app.kubernetes.io/managed-by label set to istio-operator. This should reduce the number of resources that the operator deletes erroneously, since we can expect fewer customers to add this label to the resources they create manually (which clearly aren't managed by the operator).
In addition to the above, we've now made the operator also delete resources outside of the control plane namespace (to fix MAISTRA-1621). There's a minute chance that the operator would now delete resources in namespaces that were never part of the mesh (this would only happen if users create resources with the app.kubernetes.io/owner pointing to a control plane namespace that they don't belong to at all).
To prevent the pruning of such resources, we could make the operator add an annotation to each namespace a gateway is deployed and check this annotation when pruning. This however requires moving away from pruneAll() and deleting all resource types with pruneIndividually(), which in some scenarios is not as performant.
Attachments
Issue Links
- is related to
-
MAISTRA-1621 Gateways in non-cp namespaces are never pruned
-
- Closed
-
-
-
- Closed
-