Metrics-server should not create or addopt kube-system namespace. #4421
Conversation
github-actions
bot
added
the
owner/packages
| @@ -12,7 +12,7 @@ daemonset: | |||
| updateStrategy: null | |||
| metricsServer: | |||
| namespace: null | |||
| createNamespace: true | |||
| createNamespace: false | |||
There was a problem hiding this comment.
Couple of scenarios we need to handle:
- User giving createNamespace: true and namespace: kube-system - In this case lets not create namespace
- Upgrade: User upgrades the package but has older data values i.e. User in their data values has createNamespace: true. So even though package defaults are changed the user has createNamespace: true and hence during delete it will attempt to delete the namespace. Lets also add
https://carvel.dev/kapp/docs/v0.46.0/apply/#kappk14siodelete-strategydelete-strategy:orphan in the namespace to prevent deletion of namespace
There was a problem hiding this comment.
namespace creation is handled by kapp-controller. I don't think we can do much here to prevent the creation or adoption of the namespace when the user intentionally sets createNamespace: true.
However adding delete-strategy:orphan to the namespace will mitigate this as well.
There was a problem hiding this comment.
It looks like this behavior has been fixed in carvel-dev/kapp#468
see discussion here: https://kubernetes.slack.com/archives/C02GY94A8KT/p1645018465370589
There is a request to add a feature to kapp to prevent a package from taking ownership: carvel-dev/kapp-controller#523
and the fix is referenced there.
looks like fix should be available as of kapp v0.47.0
There was a problem hiding this comment.
for deployments that use older kapp-controller the best approach will be to add https://carvel.dev/kapp/docs/v0.46.0/apply/#kappk14siodelete-strategy delete-strategy:orphan, and modify the values.yaml as suggested in this pr
There was a problem hiding this comment.
- Lets add https://carvel.dev/kapp/docs/v0.46.0/apply/#kappk14siodelete-strategy delete-strategy:orphan for older kapp-controller deployments
- Can we add a check here https://github.com/vmware-tanzu/community-edition/blob/main/addons/packages/metrics-server/0.5.1/bundle/config/overlays/overlay-namespace.yaml#L12
#@ if data.values.metricsServer.createNamespace and data.values.namespace != "kube-system":
To prevent even creating namespace if kube-system is given ?
There was a problem hiding this comment.
added check of != "kube-system" to 0.5.1,
added orphaned label to kube-system namespace on 0.4.1,
Not sure if this is the correct way to add the orphan label.
adduarte
force-pushed
the
metrics-package-namespace-creation
branch
from
5af8563
to
1103b72
Compare
adduarte
force-pushed
the
metrics-package-namespace-creation
branch
from
1103b72
to
72f3515
Compare
|
The latest commit only sets createNamespace: false. |
If the metric server creates or addopts the kube-system namespace, it will be marked for deletion whenever the metric-server package is deleted. kube-system namespace deletion is not allowed. set createNamespace to default false Fixes 1708
adduarte
force-pushed
the
metrics-package-namespace-creation
branch
from
72f3515
to
5ba9794
Compare
|
In order to move forward we will scale down this patch to only fix the incorrect settings in metrics-server package bundle. |
|
selected this as a better solutionhttps://github.com//pull/4724 |
If the metric server creates or addopts the kube-system namespace,
it will be marked for deletion whenever the metric-server package is
deleted. kube-system namespace deletion is not allowed.
Fixes vmware-tanzu/tanzu-framework#1708
Describe testing done for PR
Special notes for your reviewer