Description of problem:
openshift-sdn, openshift-node and possibly openshift-web-console should get the same protections that kube-system and default have so that they cannot be deleted.
Version-Release number of selected component (if applicable): 3.10.0-0.27.0
How reproducible: Always
Steps to Reproduce:
1. oc delete openshift-sdn
SDN namespace deleted
As more OpenShift infra moves into pods/namespaces, those critical to cluster health should be protected.
I don't see why components should be immortal. I wouldn't make the openshift-apiserver namespace immortal, so why should the SDN that depends on it be immortal?
I may consider making some future operator namespace immortal to ease recovery (or maybe not), but preventing the removal of a component after it has been installed doesn't seem reasonable to me.
Seems asymmetrical that we allow deletion of openshift-* namespaces but do not allow creation:
root@ip-172-31-13-231: ~ # oc new-project openshift-logging
Error from server (Forbidden): project.project.openshift.io "openshift-logging" is forbidden: cannot request a project starting with "openshift-"
@deads is this as you would expect? Maybe I'm being too picky.
We don't allow requesting a namespace with that pattern because normal users can request projects. Normal users cannot delete any openshift- namespaces. Only exceptional users can delete them, and those same exceptional users can create them with `oc create namespace openshift-logging`.
The two actions look similar, but aren't. So I think they are symmetric.