kruise
kruise copied to clipboard
openkruise
add: Support the deletion protection of service and ingress
Ⅰ. Describe what this PR does
This PR complete a feature: Support the deletion protection of service and ingress resources
Ⅱ. Does this pull request fix one issue?
fixs #1218
Ⅲ. Describe how to verify it
The Cascading judgement of Service and Ingress is whether there are any endpoints exist for the Service or Ingress. The verify steps is as show below:
Service Deleteion Protection 1.Create a Service and label it with "policy.kruise.io/delete-protection=Always" 2.Delete the Service should be rejected 3.Patch the Service with label "policy.kruise.io/delete-protection=Cascading" 4.Create endpoints of the Service 5.Delete the Service should be rejected 6.Delete all endpoints of the Service 7.The Service can be delete successfully
Ingress Deleteion Protection 1.Create a Ingress and label it with "policy.kruise.io/delete-protection=Always" 2.Delete the Ingress should be rejected 3.Patch the Ingress with label "policy.kruise.io/delete-protection=Cascading" 4.Create Service which menotioned in spec.rules.http.paths.backend.service of Ingress spec 5.Create endpoints of the Service 6.Delete the Ingress should be rejected 7.Delete all endpoints of the Service 8.The Ingress can be delete successfully
Ⅳ. Special notes for reviews
None
Hi, I saw there are some CI ans E2E checks not successful. I checked my code and found there are indeed some bugs in my code. I'm working on to fix them, it's no need to review my code now. When I'm done, I will leave comment to require for code review. Thanks.
@kevin1689-cloud tks very much, k8s community also have related PR, I have not yet figured out how to implement this.
@kevin1689-cloud tks very much, k8s community also have related PR, I have not yet figured out how to implement this.
Got it, I'm reading Conversation of the mentioned k8s community PR, the concept of "Lien" is interesting. I‘ve been busy at my company work recently, I thought I could back to working on this pr about 2-3 weeks later and I will fix the bug in my code, read the k8s community PR carefully and give my opinion on that.
@kevin1689-cloud Should we discuss this at the community meeting next Thursday evening?
@kevin1689-cloud Should we discuss this at the community meeting next Thursday evening?
@zmberg Hi, thanks for the invite, how about we discuss this at the community meeting after next Thursday? I have some company project issue to due with in next week, and I'm afraid can't attend the community meeting in time. By the next community meeting, I will be ready.
@zmberg Hi, as we discussed, the main scenarios of service&ingress deletion protection is:
- Avoid the IP address of service&ingress to be changed due to accidental deletion.
So this time we only support the Always delete protection. I noticed there are two E2E checks not successful, but seems they are not caused by this PR.
Please take a look. Thanks!
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
:exclamation: No coverage uploaded for pull request base (
master@9ccd897). Click here to learn what that means. Report is 47 commits behind head on master.
Additional details and impacted files
@@ Coverage Diff @@
## master #1269 +/- ##
=========================================
Coverage ? 50.26%
=========================================
Files ? 157
Lines ? 23450
Branches ? 0
=========================================
Hits ? 11787
Misses ? 10460
Partials ? 1203
| Flag | Coverage Δ | |
|---|---|---|
| unittests | 50.26% <ø> (?) |
Flags with carried forward coverage won't be shown. Click here to find out more.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: zmberg
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [zmberg]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
