You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Per Kubebuilder documentation, finalizers are typically named in the format of my.domain.com/finalizer. In our case, that would be application-networking.k8s.aws/finalizer.
The purpose of using our domain as part of the finalizer is to avoid conflicts with other controllers which may add/remove finalizers for the same resources. Currently, we use finalizers that do not include our domain, and if another controller uses the same finalizer, then we are at risk of collision (a risk which is greatly mitigated if we include our domain in the finalizer). We also use different finalizers for every resource, which adds unnecessary code to controllers. Lastly, it's an inconsistency with the broader Kubernetes community.
Changing finalizers would be a backwards incompatible change.
The text was updated successfully, but these errors were encountered:
We need to include domain by recommendation. For key I think each reconlicer/controller need to have a unique one, otherwise you restricted to having single finalizer per entire manager. Also word" finalizer" is an example, not a guidance.
Identifiers of custom finalizers consist of a domain name, a forward slash and the name of the finalizer. Any controller can add a finalizer to any object's list of finalizers.
Per discussion, the finalizers we'd like to go with are <domain>/<controller's resource name>. For example, application-networking.k8s.aws/accesslogpolicy or application-networking.k8s.aws/service. This will prevent different controllers under the same domain from interfering with each other.
We will need to continue supporting deletion of the BOTH the old and new finalizers for now, but only add the new finalizer on creation. In the future, we may remove deletion of the old finalizer to fully drop support of it.
Per Kubebuilder documentation, finalizers are typically named in the format of
my.domain.com/finalizer
. In our case, that would beapplication-networking.k8s.aws/finalizer
.The purpose of using our domain as part of the finalizer is to avoid conflicts with other controllers which may add/remove finalizers for the same resources. Currently, we use finalizers that do not include our domain, and if another controller uses the same finalizer, then we are at risk of collision (a risk which is greatly mitigated if we include our domain in the finalizer). We also use different finalizers for every resource, which adds unnecessary code to controllers. Lastly, it's an inconsistency with the broader Kubernetes community.
Changing finalizers would be a backwards incompatible change.
The text was updated successfully, but these errors were encountered: