High risk: uninstall velero will delete the namespace #5433
Comments
By default, velero is installed in the "velero" namespace which is created as part of the velero install. It sounds like for your particular use case, you've installed velero into an existing namespace that also contains non-velero content, and you'd rather not remove the namespace, just all the velero content. Currently the uninstall command does the following:
If you want to uninstall velero without removing unrelated things in the velero namespace then we'd need to implement something like a
I think we should add a check whether the namespace is velero, or add a prompt for the user to confirm, or do not delete the namespace by default.
There is already a confirmation message, IMO we may just update the message to clarify that the namespace will be removed if the user chooses to proceed.
We can't "not delete the namespace by default" with the current code, since namespace deletion is the way velero cleans up all of its resources. If there's a need for "leave the namespace" functionality, that will require an alternate (non-default) implementation that has to explicitly delete all of the things that Velero install (and operation) might create -- deployment, daemonset, secrets, backups, restores, bsls, vsls, etc.
I also think it's the convention that velero has a dedicated namespace.
@reasonerjt Yes, default installation gives velero a dedicated namespace with the assumption that everything there is velero-related. So if we did decide to implement an option to not delete the namespace on uninstall, it shouldn't be the default. This feels like an edge case, although I'm not sure how important the use case is for having velero in a shared namespace.
I am having the same issue. Namespace was created separately to maintain infra as code. Now velero deleted the namespace too. I would say not to touch any k8s resource which was not created by velero. Does it make sense?
The issue is that Velero doesn't know it didn't create it, since the normal install procedure is to create the namespace and then create the velero resources. As mentioned above, this is a possible future enhancement, but it's not a trivial change, since it significantly complicates the uninstall procedure. Instead of just deleting the namespace, the command would have to individually uninstall each specific resource that velero created on install and post-install -- Deployment, DaemonSet, Secrets, BackupStorageLocations, VolumeSnapshotLocations, BackupRepositories, Backups, Restores, PodVolumeBackups, PodVolumeRestores, etc.
#6152 should make it easier on the user to script uninstall velero created resources except namespace.
This is indeed high risk, and I would like to upvote this issue.
Namespace does not belong to Velero, even if we created it specifically for this installation. Namespace is a wider and more fundamental thing than everything that Velero can install in it. I would suggest changing the message. Please use something like "WARNING: During uninstall, the namespace <The_Name_of_Namespace> will be removed with all resources in it.". And don't do anything without an additional key. The key should be something like "--I_UNDERSTAND_WHAT_I_AM_DOING". We don't use "uninstall" every day. I believe that is not so difficult to provide that complicated key once in a while. Many people will appreciate you when you care about them.
@subudhiroshan don't maintain a fork, make a pull request with your intended change/design.
$ velero -n devops uninstall velero
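For the shared-namespace case discussed in this thread, a pre-flight check to run before `velero uninstall`, listing what else would go when the namespace is deleted (an added example, not part of the thread or of Velero's code). It assumes objects created by `velero install` carry the label `component=velero`; the function names and the `devops` namespace in the usage comment are illustrative.

```shell
#!/bin/sh
# Pre-flight check before `velero uninstall`, which removes the whole namespace.
# Assumption: install-time Velero objects are labelled component=velero.
# Objects Velero creates later may lack the label, so review the output
# rather than treating it as proof of foreign content.

# list_objects NS: one line per object, "Kind/name<TAB>component-label".
list_objects() {
  kubectl get deployments,daemonsets,statefulsets,services,configmaps,secrets,persistentvolumeclaims \
    -n "$1" \
    -o jsonpath='{range .items[*]}{.kind}/{.metadata.name}{"\t"}{.metadata.labels.component}{"\n"}{end}'
}

# foreign_objects: read list_objects output on stdin and print every object
# that is not labelled component=velero, skipping objects that Kubernetes
# itself places in every namespace.
foreign_objects() {
  awk -F '\t' '
    $1 == "" { next }
    $1 == "ConfigMap/kube-root-ca.crt" { next }
    $1 ~ /^Secret\/default-token-/ { next }
    $2 != "velero" { print $1 }
  '
}

# safe_to_uninstall NS: 0 = nothing foreign found, 1 = foreign objects
# present, 2 = listing failed (fail closed: do not uninstall).
safe_to_uninstall() {
  listing=$(list_objects "$1") || {
    echo "cannot list objects in namespace $1; not proceeding" >&2
    return 2
  }
  found=$(printf '%s\n' "$listing" | foreign_objects)
  if [ -z "$found" ]; then
    return 0
  fi
  echo "namespace $1 holds objects not labelled component=velero:" >&2
  printf '%s\n' "$found" >&2
  return 1
}

# Usage (namespace name is an example):
#   safe_to_uninstall devops && velero uninstall -n devops
```
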