-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Voyager sent down the entire app deployed in the cluster #1462
Comments
{
"kind": "Event",
"apiVersion": "audit.k8s.io/v1",
"level": "RequestResponse",
"auditID": "02dfaf3b-be30-4382-9a6e-fe4612ea052b",
"stage": "ResponseComplete",
"requestURI": "/api/v1/namespaces/default/services/<our-app-service>",
"verb": "delete",
"user": {
"username": "system:serviceaccount:kube-system:voyager-haproxy",
"uid": "40fa5988-3458-11e9-b48a-0a216f8733b0",
"groups": [
"system:serviceaccounts",
"system:serviceaccounts:kube-system",
"system:authenticated"
]
},
"sourceIPs": [
"172.20.53.155"
],
"userAgent": "voyager/v0.0.0 (linux/amd64) kubernetes/$Format",
"objectRef": {
"resource": "services",
"namespace": "default",
"name": "<our-app-service>",
"apiVersion": "v1"
},
"responseStatus": {
"metadata": {},
"status": "Success",
"code": 200
},
"requestObject": {
"kind": "DeleteOptions",
"apiVersion": "v1"
},
"responseObject": {
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Success",
"details": {
"name": "<our-app-service>",
"kind": "services",
"uid": "a45a498b-e118-11e9-8e55-1254a4182eba"
}
}, |
I have just experienced and reproduced a very similar scenario to what is described above. This was using the Voyager v12.0.0 Helm chart. A test environment I have has several namespaces amongst which the 'integration-product' namespace contains multiple Deployments, DaemonSets, Services, StatefulSets and other K8S objects existing happily. When I now "successfully" (from Helm's perspective) install a helm chart which includes Voyager as a subchart in another namespace (named 'integration-product-xxx') I can see that all Services and Deployments from unrelated namespace 'integration-product' are being deleted! Note that:
Different to what the OP described, the Helm Chart installation (Helm v3.2.4 using --atomic option) including the Voyager subchart is actually successful so no Voyager Cleanup should be triggered I think. Nevertheless Voayger wreaks havoc on totally unrelated Services and Deployments in a different namespace. Luckily this happened in a test environment. However, setting 'restrictToOperatorNamespace: true' seems to prevent this massacre. Maybe it should be the default setting? Still it doesn't feel right that Voyager can delete unrelated objects in unrelated namespaces by default, maybe you can do something about that before it causes real pain for someone in production? |
Happy to read that someone else stumbled upon this and there is a huge bug in the operator. |
I have the same issue, but I have it only when I add some customization of haproxy in annotations to enable proxy forward and othe things related to TLS. No error on pod's logs or in describe ingress, nothing usefull, just stopped working. |
This is a very interesting story and perhaps one of the very nasty bug I stumbled upon.
We run k8s 1.15.6 and I have deployed Voyager 9.0.0 with the following config
values.yaml
inkube-system
.We deploy a Voyager Ingress in the
default
namespace along with otherIngress
andService
(s).Funny bug. Once we kill a voyager pod running the
kube-system
all theServices
in the default namespace are deleted. Result. App down 🙀The text was updated successfully, but these errors were encountered: