Comments (19)
ok. I have updated the description of this issue and marked the vNETs as implemented.
from gardener-extension-provider-azure.
Currently not. It seems that there are still issues with orphaned IaaS resources after LB service deletion. See here: kubernetes/kubernetes#59255
They are already working on a fix for this issue, but I'm not sure if this is the only remaining issue. Further investigation is required.
from gardener-extension-provider-azure.
@dkistner any updates here for Kubernetes 1.{9,10,11,12}?
from gardener-extension-provider-azure.
kubernetes/kubernetes#67604 Maybe relevant?
from gardener-extension-provider-azure.
@dkistner any update here?
from gardener-extension-provider-azure.
Ping... @dkistner.
from gardener-extension-provider-azure.
I think there is no update, as we still see leftovers in Azure even with the latest k8s versions (v1.13, 1.14); we would not get rid of them when we delete the cluster. Currently we manage the ResourceGroup and drop it when the Shoot gets deleted. All leftovers will be deleted during this process. This would not be the case for existing ResourceGroups because then we would not delete them.
My advice: wait until we see no leftovers anymore and we have enough trust that the cleanup works reliably.
from gardener-extension-provider-azure.
@dkistner from what I understand of the Kubernetes 1.15 release notes, this scenario should become possible, right?
from gardener-extension-provider-azure.
We are currently testing if the infrastructure leftovers are gone with the changes in k8s v1.15. I would recommend to re-enable this only if we are sure that we are really not experiencing any leaked resources. Let's wait for our test results.
from gardener-extension-provider-azure.
We will enable Azure Shoot deployments into existing vNets, which are located in a different resource group than the Shoot resources.
Current status:
- MCM adaption: gardener/machine-controller-manager#344 (done)
- Gardener extension adaption: gardener-attic/gardener-extensions#371 (done)
- Gardener: gardener/gardener#1558 (done)
In general, with this change I see no reason why we should re-enable deployments in existing resource groups. We had that only because the Azure Kubernetes provider supported only deployment in existing vNets which are in the same resource group as the cluster resources, and we disabled it due to the orphan resource issues (which partly still exist). Meanwhile, the Azure Kubernetes provider also supports deployments in existing vNets which are in other resource groups (this scenario is now implemented).
Therefore I would suggest to remove the inactive validation logic in the Gardener for the existing resource group case and close this issue afterwards. WDYT? @rfranzke, @AndreasBurger, @vlerenc
from gardener-extension-provider-azure.
@dkistner can we close this issue?
from gardener-extension-provider-azure.
No, only the deployment into existing vNets is implemented. The second part, deployment into existing resource groups, is still in discussion.
from gardener-extension-provider-azure.
We would be interested in this as we are currently in discussions with a customer about deploying a shoot into their Azure subscription. Being able to create resource groups seems to require quite broad permissions which we would like to avoid.
from gardener-extension-provider-azure.
As far as I recall, the only argument against Shoot deployment into existing resource groups is the leftovers which could remain on the infrastructure when the cluster is deleted. Unfortunately, the Azure cloud provider still has issues with that.
So yes, I think we can discuss to enable that.
Btw: PRs for that are warmly welcome :)
from gardener-extension-provider-azure.
So you would say it could be enabled again and there would be a disclaimer somewhere that it can result in orphaned resources?
from gardener-extension-provider-azure.
Yes, something like this I could imagine. Users have to be aware that some leftovers can remain if the cluster is gone.
from gardener-extension-provider-azure.
@muenchdo wanna give it a try? If you need help just ping, happy to guide you
from gardener-extension-provider-azure.
Related Issues (20)
- Deletion fails due to empty string vnet reference
- Seed deletion fails due to missing backupbucket secret HOT 1
- Support PremiumV2_LRS storage HOT 2
- Improve error code matching HOT 1
- Add Infrastructure integration test for invalid credentials HOT 1
- Error code not added HOT 2
- Intermittent Azure API fault results in zombie NatGateway and persistent shoot creation failure HOT 2
- Add native support for generation 1 and 2 OS images and machine types
- Enhance error code
- Improve error classification for `PublicIPAddressInUse` HOT 1
- Change StorageAccount for backupbucket from LRS to ZRS HOT 1
- Enable Serial Console Support in Worker Node HOT 3
- Integrate vSMP MemeoryOne in Azure HOT 6
- Cannot delete `BackupEntries` which use the secret from a `core.BackupBucket.status.generatedSecretRef` reference HOT 2
- [CPM] Restoration of cluster fails if it's `Infrastructure` resource on the source `Seed` was annotated with `migration.azure.provider.extensions.gardener.cloud/zone` HOT 1
- Map context timeout/deadline exceeded code during VM Deletion to gardener ERR_INFRA_DEPENDENCIES HOT 1
- Parametrize and Expose Azure disks IOPs and Throughput
- Can't use azure dns provider with non-azure infrastructure provider HOT 2
- `OverconstrainedZonalAllocationRequest` could be a transient error
- Support more Azure cloud environments