Kuryr controller orphan detector/eraser
Problem Statement:
Kuryr Controller's drivers are used by ResourceEventHa
For example, creating a K8S Pod will require a neutron port to be created on a specific network with the proper security groups applied to it.
In some use cases (e.g. loss of a resource delete event), Kuryr Controller's drivers might 'forget' to delete resources from OpenStack, and we'll end up with orphan resources.
Solution:
A new capability should be added to Kuryr Controller - ‘orphan eraser’.
The ‘orphan eraser’ should support the following functionalities:
A. Find the OpenStack resources created by Kuryr Controller’s drivers
B. Decide whether a specific OpenStack resource is an orphan
C. Delete orphan resources
D. Log detect/delete operations
Blueprint information
- Status: Not started
- Approver: None
- Priority: Undefined
- Drafter: Yossi Boaron
- Direction: Needs approval
- Assignee: Yossi Boaron
- Definition: New
- Series goal: None
- Implementation: Unknown
- Milestone target: None
Whiteboard
I made a self Q&A.
Q. What would be orphan resources?
1. Neutron Port
2. Neutron LoadBalancer stuff (i.e. member, pool, listener, loadbalancer)
3. Neutron Floating IP
Q. How to decide if it's an orphan resource?
1. No k8s resources associated for more than the configured time duration.
(* We can get k8s resource information via vif, lbaas_state from the annotations)
Q. What should be considered?
1. Sync with VIF Pool
2. Is kuryr-controller the only user of the neutron resources? -> Otherwise, neutron resources associated with no k8s resources could be resources serving another service on OpenStack.
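
The orphan decision from the Q&A above, for Neutron ports only, as an added example that is not part of the blueprint or of Kuryr's code. The `OrphanDetector` class, the port dictionaries, the `OWNER_MARK` ownership marker and the way referenced and pooled port ids are passed in are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: Kuryr-created ports carry this device_owner; the page does not
# say how ownership is recorded, so treat the marker as a placeholder.
OWNER_MARK = "compute:kuryr"


class OrphanDetector:
    """Flags Kuryr-owned ports with no K8s resource for longer than `grace`."""

    def __init__(self, grace):
        self.grace = grace
        self.unreferenced_since = {}  # port id -> first scan that saw it unreferenced

    def scan(self, ports, referenced_ids, pool_ids, now):
        """Return ids of ports that should be deleted at time `now`."""
        orphans, still_unreferenced = [], {}
        for port in ports:
            pid = port["id"]
            # Ports owned by other OpenStack services are never candidates.
            if port.get("device_owner") != OWNER_MARK:
                continue
            # Referenced by a pod annotation, or idle in the VIF pool: in use.
            if pid in referenced_ids or pid in pool_ids:
                continue
            first = self.unreferenced_since.get(pid, now)
            still_unreferenced[pid] = first
            if now - first > self.grace:
                orphans.append(pid)
        # Dropping re-associated or deleted ports resets their timer.
        self.unreferenced_since = still_unreferenced
        return orphans


# Constructed sample data (not from a real deployment).
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
PORTS = [
    {"id": "p-pod", "device_owner": OWNER_MARK},       # VIF of a running pod
    {"id": "p-pool", "device_owner": OWNER_MARK},      # pre-created pool port
    {"id": "p-dhcp", "device_owner": "network:dhcp"},  # belongs to Neutron itself
    {"id": "p-lost", "device_owner": OWNER_MARK},      # delete event was missed
]


def run_sample():
    detector = OrphanDetector(grace=timedelta(minutes=10))
    scans = [T0, T0 + timedelta(minutes=5), T0 + timedelta(minutes=11)]
    return [detector.scan(PORTS, {"p-pod"}, {"p-pool"}, t) for t in scans]


if __name__ == "__main__":
    print(run_sample())
```

Only the third scan reports `p-lost`, because the grace period is measured from the first scan that saw the port unreferenced; a port that regains a K8s reference between scans starts a fresh timer.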