github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
k3s/pkg/controller
History
Kubernetes Submit Queue b01e6f68fe Merge pull request #37431 from liggitt/namespace-leftovers 
Automatic merge from submit-queue

hold namespaces briefly before processing deletion

possible fix for #36891

in HA scenarios (either HA apiserver or HA etcd), it is possible for deletion of resources from namespace cleanup to race with creation of objects in the terminating namespace

HA master timeline:
1. "delete namespace n" API call goes to apiserver 1, deletion timestamp is set in etcd
2. namespace controller observes namespace deletion, starts cleaning up resources, lists deployments
3. "create deployment d" API call goes to apiserver 2, gets persisted to etcd
4. apiserver 2 observes namespace deletion, stops allowing new objects to be created
5. namespace controller finishes deleting listed deployments, deletes namespace

HA etcd timeline:
1. "create deployment d" API call goes to apiserver, gets persisted to etcd
2. "delete namespace n" API call goes to apiserver, deletion timestamp is set in etcd
3. namespace controller observes namespace deletion, starts cleaning up resources, lists deployments
4. list call goes to non-leader etcd member that hasn't observed the new deployment or the deleted namespace yet
5. namespace controller finishes deleting the listed deployments, deletes namespace

In both cases, simply waiting to clean up the namespace (either for etcd members to observe objects created at the last second in the namespace, or for other apiservers to observe the namespace move to terminating phase and disallow additional creations) resolves the issue

Possible other fixes:
* do a second sweep of objects before deleting the namespace
* have the namespace controller check for and clean up objects in namespaces that no longer exist
* ...?
 		2016-11-30 04:44:31 -08:00
..
certificates run hack/update-all.sh 2016-11-23 15:53:09 -08:00
cronjob generated: refactor 2016-11-23 22:30:47 -06:00
daemon run hack/update-all.sh 2016-11-23 15:53:09 -08:00
deployment generated: refactor 2016-11-23 22:30:47 -06:00
disruption run hack/update-all.sh 2016-11-23 15:53:09 -08:00
endpoint run hack/update-all.sh 2016-11-23 15:53:09 -08:00
garbagecollector generated: refactor 2016-11-23 22:30:47 -06:00
informers generated: refactor 2016-11-23 22:30:47 -06:00
job run hack/update-all.sh 2016-11-23 15:53:09 -08:00
namespace hold namespaces briefly before processing deletion 2016-11-28 11:35:09 -05:00
node run hack/update-all.sh 2016-11-23 15:53:09 -08:00
petset run hack/update-all.sh 2016-11-23 15:53:09 -08:00
podautoscaler run hack/update-all.sh 2016-11-23 15:53:09 -08:00
podgc run hack/update-all.sh 2016-11-23 15:53:09 -08:00
replicaset generated: refactor 2016-11-23 22:30:47 -06:00
replication generated: refactor 2016-11-23 22:30:47 -06:00
resourcequota generated: refactor 2016-11-23 22:30:47 -06:00
route run hack/update-all.sh 2016-11-23 15:53:09 -08:00
service run hack/update-all.sh 2016-11-23 15:53:09 -08:00
serviceaccount Remove vowels from rand.String, to avoid 'bad words' 2016-11-23 21:53:25 -08:00
volume run hack/update-all.sh 2016-11-23 15:53:09 -08:00
.import-restrictions add import restrictions 2016-10-13 16:10:24 -07:00
BUILD generated: refactor 2016-11-23 22:30:47 -06:00
OWNERS Remove myself from a bunch of OWNERS files, as I am too overloaded 2016-05-11 13:34:51 -07:00
client_builder.go cmd/kube-controller-manager 2016-11-23 15:53:09 -08:00
controller_ref_manager.go generated: refactor 2016-11-23 22:30:47 -06:00
controller_utils.go generated: refactor 2016-11-23 22:30:47 -06:00
controller_utils_test.go remove v1.Semantics 2016-11-23 15:53:09 -08:00
doc.go Use Go canonical import paths 2016-07-16 13:48:21 -04:00
lookup_cache.go Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00