-
Notifications
You must be signed in to change notification settings - Fork 107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Managed reconciler should set the finalizer only after resource is created #63
Comments
I can see why we might want to do this, because all the
|
I'm going to play with this today to see if there's something we could do to fix this and #62 in time for possible 0.4.1 release. |
I feel like it's a little risky only adding the finalizer after we've created our external resource. I like that in the current implementation we don't create the managed resource until we know we've set a finalizer to ensure we'll try to clean it up at delete time. If we reverse the ordering here we could open ourselves to situations in which we've created an external resource but not yet recorded a finalizer, in which case we would not do cleanup when deleted. |
Well, deletion is still called but only once since you get the deletion event only once when there is no finalizer set. Ideally, at any point, if managed resource(MR) exists, external resource(ER) exists and if MR disappears so does ER. However, we know that this isn't possible since the user interacts with MR; MR gets created and then ER creation is called, MR gets deleted and only then ER gets deletion call. So, there are necessary creation and deletion lags between these two entities, which is why we use k8s finalizers in the first place. You either set too early and get a hanging MR with no ER or set too late and you leak ER with no MR. I believe hanging MR is usually much better than leaking ER since the ER is what you're paying for in the end. Setting the finalizer;
|
I don't think there's a good way to add a finalizer right after the I think you spotted this because your example looks like a refactored version of the current At this point my feeling is the best option is to add the finalizer right before the
|
This makes sense. I agree that setting the finalizer before |
What problem are you facing?
Currently, for some reason, if the steps before
Create
call fails and the reason also causesDelete
to fail, the resource is stuck and we can't delete it. Examples:Observe
call to fail, but since finalizer is already set, user cannot delete the CR.Delete
is never executed. Managed Reconciler: A resource with unresolved references never gets deleted #62This started to happen after the merge of https://github.com/crossplaneio/crossplane-runtime/pull/45/files#diff-c7df5a255a05fb18975e474f9af689a9L400 since we set the finalizer no matter what on this PR.
How could Crossplane help solve your problem?
We can set the finalizer only after the
Observe
call returns that the resource exists and remove it after deletion signal is received and resource doesn't exist. But I think these calls should be native part of the managed reconciler reconcile loop instead of yet anotherInitializer
orFinalizer
objects. There has been some discussion around this #45 (comment) but I think we should fix it for 0.5 of Crossplane.The text was updated successfully, but these errors were encountered: