diff --git a/keps/sig-network/20190423-service-lb-finalizer.md b/keps/sig-network/20190423-service-lb-finalizer.md index 0e615dd23c0b..a8701ad4a4df 100644 --- a/keps/sig-network/20190423-service-lb-finalizer.md +++ b/keps/sig-network/20190423-service-lb-finalizer.md 
@@ -53,58 +53,59 @@ superseded-by: ## Summary We will be adding finalizer protection to ensure the Service resource is not -fully deleted until the correlating load balancing resources are deleted. Any +fully deleted until the correlating load balancer resources are deleted. Any service that has `type=LoadBalancer` (both existing and newly created ones) will be attached a service LoadBalancer finalizer, which should be removed by -service controller upon the cleanup of related load balancing resources. Such +service controller upon the cleanup of related load balancer resources. Such finalizer protection mechanism will be released with phases to ensure downgrades can happen safely. ## Motivation There are various cases where service controller can leave orphaned load -balancing resources after services are deleted (ref discussion on +balancer resources after services are deleted (ref discussion on https://github.com/kubernetes/kubernetes/issues/32157, https://github.com/kubernetes/kubernetes/issues/53451). We are periodically getting bug reports and customer issues that replicated such problem, which seems to be common enough and is worth to have a better mechanism for ensuring -the cleanup of load balancing resources. +the cleanup of load balancer resources. ### Goals Ensure the Service resource is not fully deleted until the correlating load -balancing resources are deleted. +balancer resources are deleted. ## Proposal We are going to define a finalizer for service LoadBalancers with name -`service.kubernetes.io/load-balancer-cleanup`. This finalizer will be attached to -any service that has `type=LoadBalancer`. Upon the deletion of such service, the -actual deletion of the resource will be blocked until this finalizer is removed. +`service.kubernetes.io/load-balancer-cleanup`. This finalizer will be attached +to any service that has `type=LoadBalancer` if the cluster has the cloud +provider integration enabled. 
Upon the deletion of such service, the actual +deletion of the resource will be blocked until this finalizer is removed. This finalizer will not be removed until cleanup of the correlating load -balancing resources are considered finished by service controller. +balancer resources are considered finished by service controller. Note that the removal of this finalizer might also happen when service type changes from `LoadBalancer` to another. This however doesn't change the implication that the resources cleanup must be fulfilled before fully deleting the service. -The lifecyle of a `LoadBalancer` type serivce with finalizer would look like: +The lifecyle of a `LoadBalancer` type service with finalizer would look like: - Creation 1. User creates a service. 2. Service controller observes the creation and attaches finalizer to the service. - 3. Provision of load balancing resources. + 3. Provision of load balancer resources. - Deletion 1. User issues a deletion for the service. 2. Service resource deletion is blocked due to the finalizer. 3. Service controller observed the deletion timestamp is added. - 4. Cleanup of load balancing resources. + 4. Cleanup of load balancer resources. 5. Service controller removes finalizer from the service. 6. Service resource deleted. - Update to another type 1. User update service from `type=LoadBalancer` to another. 2. Service controller observed the update. - 3. Cleanup of load balancing resources. + 3. Cleanup of load balancer resources. 4. Service controller removes finalizer from the service. The expected cluster upgrade/downgrade path for service with finalizer would be: 
@@ -115,7 +116,7 @@ The expected cluster upgrade/downgrade path for service with finalizer would be: creation. - Downgrade from with-finailzer version - All existing `LoadBalancer` service will have the attached finalizer removed - upon the cleanup of load balancing resources. + upon the cleanup of load balancer resources. - The newly created `LoadBalancer` services will not have finailzer attached. To ensures that downgrades can happen safely, the first release will include the
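Review bot: In the first hunk (@@ -53,58 +53,59 @@), the Proposal now attaches the finalizer only "if the cluster has the cloud provider integration enabled", but the Summary in the same hunk still says "Any service that has `type=LoadBalancer` (both existing and newly created ones) will be attached a service LoadBalancer finalizer" with no such condition. Creation step 2 ("Service controller observes the creation and attaches finalizer to the service") is also unconditional. Suggest adding the same qualifier to the Summary and to Creation step 2 so the three statements agree. The added line "+The lifecyle of a `LoadBalancer` type service with finalizer would look like:" fixes "serivce" but still carries "lifecyle"; it should read "lifecycle".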
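Review bot: In the second hunk (@@ -115,7 +116,7 @@), the unchanged lines around the edit still misspell the key term twice, in "Downgrade from with-finailzer version" and "will not have finailzer attached", and the following context line reads "To ensures that downgrades can happen safely". Since this patch is a wording cleanup of the same bullets, suggest correcting these to "finalizer" and "To ensure" here as well, so a search for "finalizer" in the KEP finds the downgrade path.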