Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Uninstall Volcano Doesn't Clean ValidateWebhook Configuration And MutatingWebhook Configuration #2102

Closed
whybeyoung opened this issue Mar 18, 2022 · 11 comments
Closed

Uninstall Volcano Doesn't Clean ValidateWebhook Configuration And MutatingWebhook Configuration #2102

whybeyoung opened this issue Mar 18, 2022 · 11 comments
Assignees
@hwdef
Labels
kind/bug Categorizes issue or PR as related to a bug. priority/high
Milestone
v1.7

Comments

@whybeyoung
Copy link
Contributor

whybeyoung commented Mar 18, 2022
edited
Loading

How to reproduce it (as minimally and precisely as possible):

step1: kubectlcreate -f https://raw.githubusercontent.com/volcano-sh/volcano/v1.5.1/installer/volcano-development.yaml

step2: kubectl delete -f https://raw.githubusercontent.com/volcano-sh/volcano/v1.5.1/installer/volcano-development.yaml

The Webhook Configuration is not Cleaned because they are not in the yaml.

And the remained configuration will cause the cluster podCreateFailed beacuse of no pod validate endpoint , this is a little problem but not easy to find.

image

Suggesstion:

Clean them by using ownerrefernce or labels mechanism
@whybeyoung whybeyoung added the kind/bug Categorizes issue or PR as related to a bug. label Mar 18, 2022
@hwdef
Copy link
Member

hwdef commented Mar 18, 2022

I think it is useful

@hwdef
Copy link
Member

hwdef commented Mar 18, 2022

It is not feasible to use the ownerrefernce,
because webhook should be associated with deployment(volcano-admission), but deployment is namespace scoped, webhook is cluster scoped. kubernetes does not allow deletion across namespaces.

https://kubernetes.io/zh/docs/concepts/overview/working-with-objects/owners-dependents/

$ kubectl get events -A --field-selector=reason=OwnerRefInvalidNamespace
NAMESPACE   LAST SEEN   TYPE      REASON                     OBJECT                                                                    MESSAGE
default     5m22s       Warning   OwnerRefInvalidNamespace   mutatingwebhookconfiguration/volcano-admission-service-jobs-mutate        ownerRef [apps/v1/Deployment, namespace: , name: volcano-admission, uid: 0d14f232-61dc-40d2-a5f4-a24150e76f25] does not exist in namespace ""
default     5m22s       Warning   OwnerRefInvalidNamespace   mutatingwebhookconfiguration/volcano-admission-service-podgroups-mutate   ownerRef [apps/v1/Deployment, namespace: , name: volcano-admission, uid: 0d14f232-61dc-40d2-a5f4-a24150e76f25] does not exist in namespace ""
default     5m22s       Warning   OwnerRefInvalidNamespace   mutatingwebhookconfiguration/volcano-admission-service-pods-mutate        ownerRef [apps/v1/Deployment, namespace: , name: volcano-admission, uid: 0d14f232-61dc-40d2-a5f4-a24150e76f25] does not exist in namespace ""
default     5m22s       Warning   OwnerRefInvalidNamespace   mutatingwebhookconfiguration/volcano-admission-service-queues-mutate      ownerRef [apps/v1/Deployment, namespace: , name: volcano-admission, uid: 0d14f232-61dc-40d2-a5f4-a24150e76f25] does not exist in namespace ""

@Thor-wl Do you have any suggestions?

@shinytang6
Copy link
Member

Supplyment: volcano-admission-init will create a secret which cannot be cleaned thoroughly.

@shinytang6
Copy link
Member

similar issue: #2079

@Yikun
Copy link
Member

Yikun commented Mar 19, 2022

Is it possible adding some placeholder in volcano-development.yaml to help delete related resources? Then users can cleanup them using kubectl delete -f volcano-development.yaml.

Otherwise we probably want to add a volcano-development-delete.yaml separately.

@whybeyoung
Copy link
Contributor Author

whybeyoung commented Mar 23, 2022
edited
Loading

i think the we should fix the webhook code here first.

volcano/cmd/webhook-manager/app/util.go

Line 65 in 183a178

service.MutatingConfig.ObjectMeta.Name = webhookConfigName(config.WebhookName, service.Path)
and

volcano/cmd/webhook-manager/app/util.go

Line 81 in 183a178

service.ValidatingConfig.ObjectMeta.Name = webhookConfigName(config.WebhookName, service.Path)
;
And

volcano/cmd/webhook-manager/app/util.go

Line 51 in 183a178

Name: config.WebhookName,

This two place generate different config name prefix when user uses url webhook or uses serivice webhook..And i think it's no need. we can use the default webhook name like "webhook" if user not specify, add an variable WebhookServiceName to distinguish the WebhookName,

then we can put those 8 webhooks in the yaml then we can deal with this problem.

BTW, I try to use finalizers to deal with problem ,but it looks more complex .....

whybeyoung added a commit to whybeyoung/volcano that referenced this issue Mar 23, 2022
@whybeyoung
fix: volcano-sh#2102
c667b7d 
Signed-off-by: maybaby <ybyang7@iflytek.com>
@whybeyoung whybeyoung mentioned this issue Mar 23, 2022
Closed
whybeyoung added a commit to whybeyoung/volcano that referenced this issue Mar 23, 2022
@whybeyoung
fix: volcano-sh#2102
615faa1 
Signed-off-by: maybaby <ybyang7@iflytek.com>
whybeyoung added a commit to whybeyoung/volcano that referenced this issue Mar 23, 2022
@whybeyoung
fix: volcano-sh#2102
a058964 
Signed-off-by: maybaby <ybyang7@iflytek.com>
@hwdef
Copy link
Member

hwdef commented Mar 23, 2022

I think webhook should not be generated by code, webhook should be defined by yaml.
If I want to add some rules for webhook, for example, ignore some pods. I can't do this when generating with code,unless modify the source code.

@Yikun Yikun mentioned this issue Mar 24, 2022
Closed
@Yikun
Copy link
Member

Yikun commented Mar 29, 2022

Could you give some suggestion or inputs in here? @Thor-wl

@Yikun Yikun mentioned this issue Apr 1, 2022
Closed
@pengyuan pengyuan mentioned this issue Apr 25, 2022
Closed
@shinytang6 shinytang6 mentioned this issue Apr 28, 2022
Closed
@shinytang6 shinytang6 mentioned this issue May 10, 2022
Closed
@william-wang william-wang added this to the v1.7 milestone Jun 24, 2022
@hwdef
Copy link
Member

hwdef commented Jul 21, 2022

fix in #2346

/assign

@hwdef
Copy link
Member

hwdef commented Aug 12, 2022

#2346 is merged.
/close

@volcano-sh-bot
Copy link
Contributor

@hwdef: Closing this issue.

In response to this:

#2346 is merged.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hwdef hwdef

Labels
kind/bug Categorizes issue or PR as related to a bug. priority/high
Projects
None yet
Milestone
v1.7
Development

No branches or pull requests
6 participants
@Yikun @william-wang @whybeyoung @hwdef @shinytang6 @volcano-sh-bot