crossplane: ProviderConfigs should not be deleted until all resources referring to it are deleted
What problem are you facing?
When I delete an infra-stack, all CRDs get deletion requests, including Provider ones. Since there is no finalizer on Provider resources, they are deleted immediately. This leads to hanging resources with deletion timestamp because their controllers cannot make deletion calls anymore since they’d have to have Provider resource to give them the credentials.
How could Crossplane help solve your problem?
Crossplane could block the deletion of a Provider resources until all resources that used this Provider are deleted from the cluster.
One mechanism could be that every resource that is successfully created could add its identification info to finalizers array and remove its entry when the resource is deleted.
The other alternative would be to have a Provider controller that scans all the resources who refer to this Provider instance and block the deletion until it finds none. We could somehow make use of labels for easy listing instead of providerRef.
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 2
- Comments: 17 (17 by maintainers)
Commits related to this issue
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 This commit prevents a ProviderConfig from being deleted while it is still in use by a... — committed to negz/provider-gcp by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for context. Signed-off-by: Nic Cope <negz@rk0n.org> — committed to negz/provider-aws by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 This commit prevents a ProviderConfig from being deleted while it is still in use by a... — committed to negz/provider-gcp by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for context. Signed-off-by: Nic Cope <negz@rk0n.org> — committed to negz/provider-aws by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for context. Signed-off-by: Nic Cope <negz@rk0n.org> — committed to negz/provider-aws by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 This commit prevents a ProviderConfig from being deleted while it is still in use by a... — committed to negz/provider-gcp by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for more context. Signed-off-by: Nic Cope <negz@rk0n.org> — committed to negz/provider-azure by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for context. Signed-off-by: Nic Cope <negz@rk0n.org> — committed to negz/provider-alibaba by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for more context. Signed-off-by: Nic Cope <negz@rk0n.org> — committed to negz/provider-azure by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 This commit prevents a ProviderConfig from being deleted while it is still in use by a... — committed to negz/provider-gcp by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for context. Note that this commit also migrates this provider to ... — committed to negz/stack-rook by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for more context. Signed-off-by: Nic Cope <negz@rk0n.org> — committed to negz/provider-aws by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for more context. Signed-off-by: Nic Cope <negz@rk0n.org> — committed to negz/provider-aws by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 This commit prevents a ProviderConfig from being deleted while it is still in use by a... — committed to negz/provider-gcp by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for context. Signed-off-by: Nic Cope <negz@rk0n.org> — committed to negz/provider-alibaba by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 This commit prevents a ProviderConfig from being deleted while it is still in use by a... — committed to negz/provider-gcp by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for context. Note that this commit also migrates this provider to ... — committed to negz/stack-rook by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for context. Signed-off-by: Nic Cope <negz@rk0n.org> — committed to negz/provider-azure by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for more context. Signed-off-by: Nic Cope <negz@rk0n.org> — committed to negz/provider-gcp by negz 4 years ago
- Prevent a ProviderConfig that is in use from being deleted https://github.com/crossplane/crossplane/issues/1737 See the above issue for more context. Signed-off-by: Nic Cope <negz@rk0n.org> — committed to wolffbe/provider-aws by negz 4 years ago
I believe this is a close call complexity wise, and is subjective from a UX perspective - especially if we can agree that it’s worth making the consumers of a
ProviderConfigeasily discoverable even when it is not being deleted.If we go with the
ProviderConfigUsageapproach:ProviderConfigUsagewhen a managed resource first connects. Subsequent connects may read from cache and avoid a no-op update.ProviderConfigcontroller can determine whether it should remove its finalizer and inform users whether it’s in use by listing one type -ProviderConfigUsage- from cache. The list can be filtered by a well known label.ProviderConfigcontroller must watch two types -ProviderConfigandProviderConfigUsage- in order to react immediately when aProviderConfigmay be safely deleted.If we invert the responsibility of discovering usages such that the
ProviderConfigcontroller handles it:ProviderConfigcontroller must be aware of the N types that may use aProviderConfig. We can probably register these types when instantiating the controller to avoid having to use API discovery or similar.ProviderConfigcontroller must make N list calls from cache to list N heterogeneous types, and parse thespec.providerConfigReffrom each resource of each type to determine whether it uses the provider.ProviderConfigcontroller must watch 1+N types -ProviderConfigand the N types that may use it - in order to react immediately when aProviderConfigmay be safely deleted.So complexity wise it seems like the
ProviderConfigUsageapproach trades increased storage (many instances of a small resource) for reduced compute (fewer types to list and parse, fewer watches).UX wise it gets pretty subjective. The
ProviderConfigUsageapproach is arguably the more idiomatic - it reflects the canonical deployment-to-pod relationship in which the user determines which pods are part of a deployment by runningkubectl get pod -l some=labelselector, not by looking at an array of pod references in the Deployment’s status. There are also parallels with the RBACRoleBindingtype that binds a role to one or more subjects.If the
ProviderConfigcontroller were responsible for discovering which resources were using it they would presumably be displayed as an array of object references in the status of aProviderConfig. This the more common approach in Crossplane controllers (e.g. the relationship between a composite resource and its composed resources, or a package revision and the resources it installs). One variation here is that the composite resource and package revision Crossplane controllers are responsible for the lifecycle of the resources they track via object references - they create them, rather than discover them after the fact.My assessment is that neither approach is objectively better from a performance standpoint. I still feel that the
ProviderConfigUsageapproach is slightly better from a UX and implementation-complexity standpoint.Ah - I like the potential for symmetry with storage protection. It would be good for providers to similarly transition to a specific status to indicate they’re being removed, perhaps
Status: Terminatingwould work for them too.