kopf
kopf copied to clipboard
zalando-incubator
Resource glob-matching
Background
In #75, it was highlighted that when the operator is dead, the custom resources cannot be deleted because of the Kopf's finalizer. This causes problems when the namespace is deleted: the operator deployment/pod can be killed before the custom resources are deleted, so there is nothing to remove the finalizers, so the resources are never released for actual deletion.
This can be partially helped with #24, when the finalizers are not added unless there are the deletion handlers. But this is not a full solution.
Use-case
Make it possible to write a cluster-scoped controller of this kind:
import kopf
@kopf.on.event('*', '*', '*')
@kopf.on.event('*', '*', 'kopfexamples')
@kopf.on.event('*.zalando.org', '*', '*')
def release_deleted(patch, meta, **kwargs):
if 'deletionTimestamp' in meta and meta.get('finalizers'):
patch.setdefault('metadata', {})['finalizers'] = None
This will watch ALL the resources in the cluster (or namespace), and use the spy-handlers (#30) to react. The spy-handlers do not produce any implicit patching, do not post the k8s events.
Task
Few things are missing now to achieve this:
- The support for non-CRD resources (e.g. pods). #84
- Pre-scanning of the existing resources or CRDs. #57
- The resource glob-matching (this issue).
Optionally, it can be implemented in two steps: 1st, for all CRD resources by globs; 2nd, for all resources by globs. The 1st step should be forward-compatible with the 2nd one, so that the transition is smooth.
Related: other filters of the resources to serve (but of one definite kind): #58 #45
Checklist:
- [ ] Tests.
- [ ] Documentation.
