github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 01:06:27 +00:00
Code Issues Projects Releases Wiki Activity

Delete cluster role and their bindings federated clusters.

Browse Source 
This is part of the namespace deletion big hammer. `kubefed join` not
just creates federation-system namespace, but also cluster role and
cluster role bindings in the joining clusters. Sometimes unjoin fails
to delete them. So we use a big hammer here to delete them.

This smells like a real problem in kubefed and needs investigation.
This is a short term fix to unblock the submit queue.
This commit is contained in:
Madhusudan.C.S 2017-06-04 13:19:59 -07:00
parent c30afde32e
commit c3d5113365
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
federation/cluster/common.sh
View File

@ -431,13 +431,28 @@ function cleanup-federation-api-objects {
# This is a big hammer. We get rid of federation-system namespace from # This is a big hammer. We get rid of federation-system namespace from
# all the clusters # all the clusters
for context in $(federation_cluster_contexts); do for context in $(federation_cluster_contexts); do
kube::log::status "Removing namespace \"${FEDERATION_NAMESPACE}\" from \"${context}\""
( (
local -r role="federation-controller-manager:${FEDERATION_NAME}-${context}-${HOST_CLUSTER_CONTEXT}"
kube::log::status "Removing namespace \"${FEDERATION_NAMESPACE}\", cluster role \"${role}\" and cluster role binding \"${role}\" from \"${context}\""
# Try deleting until the namespace is completely gone. # Try deleting until the namespace is completely gone.
while $host_kubectl --context="${context}" delete namespace ${FEDERATION_NAMESPACE} >/dev/null 2>&1; do while $host_kubectl --context="${context}" delete namespace "${FEDERATION_NAMESPACE}" >/dev/null 2>&1; do
# It is usually slower to remove a namespace because it involves
# performing a cascading deletion of all the resources in the
# namespace. So we sleep a little longer than other resources
# before retrying
sleep 5 sleep 5
done done
kube::log::status "Removed namespace \"${FEDERATION_NAMESPACE}\" from \"${context}\"" kube::log::status "Removed namespace \"${FEDERATION_NAMESPACE}\" from \"${context}\""
while $host_kubectl --context="${context}" delete clusterrole "${role}" >/dev/null 2>&1; do
sleep 2
done
kube::log::status "Removed cluster role \"${role}\" from \"${context}\""
while $host_kubectl --context="${context}" delete clusterrolebinding "${role}" >/dev/null 2>&1; do
sleep 2
done
kube::log::status "Removed cluster role binding \"${role}\" from \"${context}\""
) & ) &
done done
wait wait

2
federation/cluster/federation-down.sh
View File

@ -27,7 +27,7 @@ source "${KUBE_ROOT}/federation/cluster/common.sh"
# federation_clusters returns a list of all the clusters in # federation_clusters returns a list of all the clusters in
# federation, if at all the federation control plane exists # federation, if at all the federation control plane exists
# and there are any clusters registerd. # and there are any clusters registered.
function federation_clusters() { function federation_clusters() {
if clusters=$("${KUBE_ROOT}/cluster/kubectl.sh" \ if clusters=$("${KUBE_ROOT}/cluster/kubectl.sh" \
--context="${FEDERATION_KUBE_CONTEXT}" \ --context="${FEDERATION_KUBE_CONTEXT}" \