Delete handler not executed for resources when the namespace is deleted

[nolar]

Discussed in https://github.com/nolar/kopf/discussions/899

^{Originally posted by mboutet March 4, 2022} I have a create, update, and delete handlers for Ingress resources. I expect the Ingress resources deletion handler to be executed when the namespace is deleted. However, this does not happen when the operator is configured to watch this specific namespace. It works if the operator is configured to watch all namespaces.

In both cases, the operator uses a service account binded to the cluster-admin cluster role. Therefore, it is likely not a permission issue.

Of course, if I add a deletion handler for namespaces, I can handle the cascade deletion to Ingress resources manually. However, it has the downside of adding finalizers on all namespaces (even if the operator is configured to only watch specific namespaces).

Is this behaviour intended? If it helps, I can try to come up with a minimal example that produces the issue.

Thank you in advance.

[nolar]

Hello. Yes, a code snippet might help. The logs with -v (verbose mode) will be helpful too.

My current suspicion is that the namespace deletion stops the namespace watcher task. The "deletion" is detected by the presence of the .metadata.deletionTimestamp field.

• https://github.com/nolar/kopf/blob/408686a1b833b4d08fb1898d0b2626793439dbf2/kopf/_core/reactor/observation.py#L334-L337

• https://github.com/nolar/kopf/blob/408686a1b833b4d08fb1898d0b2626793439dbf2/kopf/_core/reactor/observation.py#L201-L203

This is clearly a bug.

However, I have to find a better way to reliably detect the namespace end-of-life events — at least as reliable as the timestamp field. The event type DELETED alone might be comparable, but it has quite some chances of being missed — to be investigated.