Comments (7)
timoreimann
commented on May 28, 2024
Hey @Kavantix, one question for clarification: do you expect a delete request for a LoadBalancer-typed Service to just silently not carry out the LB deletion against the API or rather return an error? That is, should the Service still be deleted or not? What is your use case?
from digitalocean-cloud-controller-manager.
timoreimann
commented on May 28, 2024
@rawkode interested in your feedback on the above question as well since you submitted a PR.
from digitalocean-cloud-controller-manager.
Kavantix
commented on May 28, 2024
@timoreimann preventing the service from being deleted would also be fine.
My main concern is that normally deleting and recreating a service in kubernetes will not break anything but when it is mapped to a do load balancer it now does break since the ip changes.
We managed to accidentally delete a load balancer once while thinking it was disowned
from digitalocean-cloud-controller-manager.
timoreimann
commented on May 28, 2024
Got it. I think a validating web hook may be an equally good if not better solution for you assuming that deleting the Service without the LB would still be a bit of a hassle to you (i.e., if you accidentally deleted the Service, you would still have the LB but would also have to craft a new Service object with the right annotation to re-own the orphaned LB).
The validating web hook is something that our CCM could also provide and it would presumably be controlled by an annotation. So same mechanism, but different implementation.
from digitalocean-cloud-controller-manager.
Kavantix
commented on May 28, 2024
So basically an 'are you sure you want to delete this service' if it has the 'protect: true' annotation?
from digitalocean-cloud-controller-manager.
timoreimann
commented on May 28, 2024
Sort of: If the protective annotation was set, then a validation web hook who reject DELETE requests to the Service object right away.
FWIW this can already be done with a custom web hook unrelated to CCM (and frameworks like OPA / GateKeeper / Kyvero should allow to do so without a custom implementation). I'd normally refer to one of these solutions but I also see the value in making it a built-in feature of our CCM given that the loss of the LB and its public IP address is quite impactful.
from digitalocean-cloud-controller-manager.
rawkode
commented on May 28, 2024
For my use-case, preventing deletion of the service is a no go.
I provision the LB and service independently and this is already supported by providing the load-balancer-id tag. For DOKs customers that donβt want to go down the external-dns route, this is probably pretty common.
from digitalocean-cloud-controller-manager.
Related Issues (20)
- do-loadbalancer-protocol: 'http2' results in 'http2' --> 'http' HOT 4
- Extending Loadbalancer timeout duration HOT 1
- Misconfigured cloud-controller-manager.yml (HA deployment that uses daemonset) HOT 1
- Change release pipeline to promote dev manifests
- udp loadbalancer failing to create HOT 8
- Controller manual mode HOT 17
- Allow the region to be explicitly specified instead of using the Region metadata API HOT 5
- K8 annotations for load balancer name / id do not work as expected HOT 4
- Typos in README.md
- IPv6 address missing in nodes status HOT 9
- Prevent duplicate do-loadbalancer-name annotation from changing LB ownership
- do-loadbalancer should accept a certificate name as an alternative to the certificate ID
- Wrong validation regex for service.beta.kubernetes.io/do-loadbalancer-allow-rules HOT 2
- Feature Request: Create a Helm chart for DO CCM HOT 1
- Cloud Controller Manager doesn't add droplets to Load Balancer HOT 6
- `k8s.gcr.io` is no longer used HOT 2
- CI: Bypass branch protection on release workflow execution
- do-loadbalancer-allow-rules doesn't work (firewall is not configured) HOT 1
- Confusion with do-loadbalancer-hostname HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from digitalocean-cloud-controller-manager.