Comments (6)
tchughesiv
commented on July 17, 2024
yes... because removing an operator does not remove an installed CR, nor should it.
from gatekeeper-operator.
ycao56
commented on July 17, 2024
If this is not something installed manually by user, then it should be automatically removed. Having leftovers is not good IMHO.
from gatekeeper-operator.
tchughesiv
commented on July 17, 2024
An installed CR, by a user, is something the operator does not own, nor should it. An operator can be removed but the resulting gatekeeper deployment will/should remain in the cluster unless a user specifically chooses to uninstall it. The operator is merely there to reconcile the install/upgrade/maintenance based on the CR. The CR stands on its own and depends on the CRD to remain in the cluster. That said, OLM will apply patches/changes to a CRD with future releases so there's no concern with an older CRD version remaining on a cluster.
from gatekeeper-operator.
ycao56
commented on July 17, 2024
If the operator has been removed, what's the purpose of leaving CRD and CR in cluster? They are orphans.
Also for uninstall scenario, if user decides to remove gatekeeper operator entirely, user will have to manually remove gatekeeper CRD. Since this is not a resource user installs, there is a big chance that he is not even aware of it.
from gatekeeper-operator.
tchughesiv
commented on July 17, 2024
The key differentiator here, and how I prefer to think about it, is... the Gatekeeper Operator & the Gatekeeper are two separate products serving two separate purposes. Choosing to remove the operator is not the same as choosing to remove the gatekeeper itself. IDK if that helps.
from gatekeeper-operator.
ycao56
commented on July 17, 2024
I look at this in a way how resources are related to each other. To me Gatekeeper CR and Gatekeeper CRD belongs to Gatekeeper Operator not Gatekeeper.
Let's go through the install/uninstall experience from user perspective:
Install flow:
- User installs Gatekeeper Operator using OLM
- User creates Gatekeeper CR to install Gatekeeper
So to user, he only knows about the Gatekeeper Operator and the Gatekeeper CR
Uninstall flow A:
- User deletes Gatekeeper CR to remove gatekeeper
- User deletes Gatekeeper Operator
Now user ends of having Gatekeeper CRD leaving on the cluster. He has no idea about Gatekeeper CRD
Uninstall flow B:
For some reason, user decides to leave Gatekeeper running in cluster but remove Gatekeeper Operator (not sure if this is a valid case we should support. but let's assume it works)
- User only deletes Gatekeeper Operator
Gatekeeper is stilling running in the cluster. Gatekeeper CR is in the cluster. Gatekeeper CRD is also in the cluster.
Gatekeeper CR and Gatekeeper CRD are not necessary for Gatekeeper to continue to run in the cluster.
In either case, Gatekeeper CRD should be removed automatically.
from gatekeeper-operator.
Related Issues (20)
- Add golangci-lint linter
- Update to Go 1.16
- Do not skip creating the Namespace asset in Kubernetes
- OpenShift: consider whether to add openshift-operators to exempt namespace
- Consider moving to ComponentConfig instead of CLI flags
- Remove role and rolebinding RBAC configs
- Add new Gatekeeper operator API options
- Upgrade Operator Gatekeeper API to v1alpha2 HOT 1
- Consider migrating to using goreleaser for releasing the operator
- Collect logs at the end of GitHub Actions Workflow CI
- Use sigstore to add security to releases
- Add dependabot for automating updates to dependencies
- Add support for Gatekeeper v3.6
- OpenShift: use default opt-in namespace selector for webhook configs
- Update yaml used for tests and alm-examples
- Add HPA
- [Question] Is there any way to specify operators (greater / less than) within a mutation policy? HOT 2
- New release for operatorhub HOT 2
- openshift-multus: admission webhook "check-ignore-label.gatekeeper.sh" denied
- Client-side throttling, pod restarts - need to update client-go HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gatekeeper-operator.