Description of problem:
openshift-sdn, openshift-node and possibly openshift-web-console should get the same protections that kube-system and default have so that they cannot be deleted.

Version-Release number of selected component (if applicable):
3.10.0-0.27.0

How reproducible:
Always

Steps to Reproduce:
1. oc delete openshift-sdn

Actual results:
SDN namespace deleted

Expected results:
As more OpenShift infra moves into pods/namespaces, those critical to cluster health should be protected.
I don't see why components should be immortal. I wouldn't make the openshift-apiserver namespace immortal, so why should the SDN that depends on it be immortal? I may consider making some future operator namespace immortal to ease recovery (or maybe not), but preventing the removal of a component after it has been installed doesn't seem reasonable to me.
Seems asymmetrical that we allow deletion of openshift-* namespaces but do not allow creation:

root@ip-172-31-13-231: ~ # oc new-project openshift-logging
Error from server (Forbidden): project.project.openshift.io "openshift-logging" is forbidden: cannot request a project starting with "openshift-"

@deads is this as you would expect? Maybe I'm being too picky.
We don't allow requesting a namespace with that pattern because normal users can request projects. Normal users cannot delete any openshift- namespaces. Only exceptional users can delete them, and those same exceptional users can create them with `oc create namespace openshift-logging`. The two actions look similar, but aren't. So I think they are symmetric.