gateway-api icon indicating copy to clipboard operation
gateway-api copied to clipboard
verified publisher icon kubernetes-sigs

Gateway Finalizer

Open danehans opened this issue 3 years ago • 5 comments

What would you like to be added: A Gateway finalizer similar to the GatewayClass finalizer.

Why this is needed: The GatewayClass finalizer ensures that a GatewayClass is not deleted when Gateways are attached. A Gateway finalizer should be specified to ensure Gateways are not deleted when HTTPRoutes are attached.

danehans avatar Sep 12 '22 17:09 danehans

What would you like to be added: A Gateway finalizer similar to the GatewayClass finalizer.

Why this is needed: The GatewayClass finalizer ensures that a GatewayClass is not deleted when Gateways are attached. A Gateway finalizer should be specified to ensure Gateways are not deleted when HTTPRoutes are attached.

Also for TLSRoute, TCPRoute, and UDPRoute?

tokers avatar Sep 13 '22 01:09 tokers

IMO we shouldn't do this.

  1. Core k8s types do not (PDB and deployment for example). The one I know that does, Namespace, is a unique case.
  2. Generally finalizer is for the controller to cleanup. But the controller cannot delete the HTTPRoute - the user must. However, the user also cannot delete them since there is a persona split between gateway admin and app admin
  3. Finalizer generally provide a poor UX, IMO

howardjohn avatar Sep 13 '22 01:09 howardjohn

Generally finalizer is for the controller to cleanup. But the controller cannot delete the HTTPRoute - the user must.

This is not the case for GatewayClassFinalizerGatewaysExist.

However, the user also cannot delete them since there is a persona split between gateway admin and app admin

The persona split is not a requirement of Gateway API, e.g. a user can be responsible for managing the infra and app routing. Even in a split persona use case, I can see value in a Gateway finalizer to avoid an infra admin user from deleting Gateways with routes that were attached by app dev users.

danehans avatar Sep 13 '22 18:09 danehans

This is not the case for GatewayClassFinalizerGatewaysExist.

FWIW I don't think this should exist either :slightly_smiling_face:

The persona split is not a requirement of Gateway API

I don't think there is anything stopping an implementation from adding a finalizer if they want to, right? If you specifically want one (maybe you don't have persona split or don't care), you can always add one today?

howardjohn avatar Sep 13 '22 19:09 howardjohn

After thinking about this for a bit, I agree with @howardjohn to some extent - I don't think that the relationship implied by parentRef is strong enough for it to include a finalizer.

The only action on a Gateway being removed should probably be to remove the associated status references as the Route falls out of scope. We could maybe use a small spec update to include that.

youngnick avatar Sep 14 '22 05:09 youngnick

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Dec 13 '22 05:12 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Jan 12 '23 06:01 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-triage-robot avatar Feb 11 '23 07:02 k8s-triage-robot

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Feb 11 '23 07:02 k8s-ci-robot