From 221e4aa2c2366a6ca06e9dd070531cd06c62bad7 Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Tue, 3 Nov 2020 16:51:54 -0500 Subject: [PATCH] Queue non-matching children for deletion when a virtual node is marked as observed When we observe valid coordinates for a previously virtual node, if there are dependents that do not agree with those coordinates, add them to the attemptToDelete queue. This queue will check the dependent's ownerReferences using the coordinates specified by the dependent. If all of the owners can be verified absent, the dependent will be deleted. If some are still present, or if there are errors looking them up, the dependent will not be deleted. If the verified owner is namespaced, and the dependent is not in the same namespace, an event will be recorded for user visibility, since cross-namespace ownerReferences are not supported. --- pkg/controller/garbagecollector/graph_builder.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/pkg/controller/garbagecollector/graph_builder.go b/pkg/controller/garbagecollector/graph_builder.go index 3cec0af87bd..413395c5a92 100644 --- a/pkg/controller/garbagecollector/graph_builder.go +++ b/pkg/controller/garbagecollector/graph_builder.go @@ -633,6 +633,21 @@ func (gb *GraphBuilder) processGraphChanges() bool { // 2. this allows things tracking virtual nodes' existence to stop polling and rely on informer events observedIdentity := identityFromEvent(event, accessor) if observedIdentity != existingNode.identity { + // find dependents that don't match the identity we observed + _, potentiallyInvalidDependents := partitionDependents(existingNode.getDependents(), observedIdentity) + // add those potentially invalid dependents to the attemptToDelete queue. + // if their owners are still solid the attemptToDelete will be a no-op. + // this covers the bad child -> good parent observation sequence. + // the good parent -> bad child observation sequence is handled in addDependentToOwners + for _, dep := range potentiallyInvalidDependents { + if len(observedIdentity.Namespace) > 0 && dep.identity.Namespace != observedIdentity.Namespace { + // Namespace mismatch, this is definitely wrong + klog.V(2).Infof("node %s references an owner %s but does not match namespaces", dep.identity, observedIdentity) + gb.reportInvalidNamespaceOwnerRef(dep, observedIdentity.UID) + } + gb.attemptToDelete.Add(dep) + } + // make a copy (so we don't modify the existing node in place), store the observed identity, and replace the virtual node klog.V(2).Infof("replacing virtual node %s with observed node %s", existingNode.identity, observedIdentity) existingNode = existingNode.clone()