Comments (3)
vazirim
commented on August 16, 2024
@seansund The Binding and Service objects are independent of each other. Deleting a Service object does not cause the deletion of the Binding object because there is no ownership relationship. We removed this relationship to allow another user (from Garage) to create Service and Bindings in different namespaces. Having the ownership relationship would have taken care of deleting the Binding when the Service is deleted. However, Kubernetes doesn't allow objects with ownership relationships to be created in different namespaces. It has its own garbage collector, which rectifies this situation at random by removing the Binding. I recognize that we have a garbage collection issue here when the Service is deleted. In this case, the Binding waits for the Service to be recreated in order to recreate its credentials. Perhaps in the cases where the Binding and Service are in the same namespace, we can add ownership relation to alleviate this issue...
The Binding controller shouldn't recreate a credential with the same name. Will look into this. Could you please send me a yaml for the Service and Binding where you see this behavior?
from cloud-operators.
vazirim
commented on August 16, 2024
@seansund We are going to implement a new feature to address the problem with the excessive access policies. The feature will allow users to define aliases on Binding resources as well. So when there are many Bindings with the same name in different namespaces, rather than creating a new credential for each on the service, these Bindings can simply "alias" an existing credential.
The alias would be specified in the spec on Binding as a name of a credential on the corresponding service. If this name is unique, then it will succeed (and set the ID in Binding status to that), if it is not unique then it will fail. We can also have an optional keyID field to allow the user to specify which credential to alias when there are more than one with the same name.
Please let me know asap if this addresses your issue (planning on implementing it today). Thanks!
from cloud-operators.
vazirim
commented on August 16, 2024
Fixed in v0.1.5
from cloud-operators.
Related Issues (20)
- ReadMe changes : spec.context.resourcegroup
- Multiple credentials created when creating CloudantDB service HOT 1
- Operator should not target locally targeted resource group when using API Key HOT 1
- Add region to service definition HOT 1
- Failed to delete service instance
- Support Secrets Manager HOT 2
- Operator description points to empty Install Guide
- Invalid struct tag
- Automated OperatorHub releases HOT 5
- Operator installation script fails to apply 3 yaml files due to missing namespace HOT 2
- Enhancement Request: add IBM Power Linux Platform (ppc64le) support HOT 4
- Service binding to Event Streams service stuck in pending state HOT 3
- There should be the possibility to create Binding without ownerReference to Service. HOT 1
- Operator projects using the removed APIs in k8s 1.22 requires changes.
- OOMKilled error on ibmcloud-operator-controller-manager HOT 2
- Not able to install the ibm cloud operator by following the instructions in README.md HOT 1
- Deletion of CRs (service and binding) ends with an unstable state for the CRs and the IBM Cloud Operator HOT 3
- Memory Limit too low results in OOMKilled HOT 6
- Default configuration value keys are wrong in README
- Support fallback of ConfigMap/Secrets in management namespace mode
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cloud-operators.