From 1553b0fad3866dc9ba12b03ec109077c4c306f02 Mon Sep 17 00:00:00 2001 From: Shane Utt Date: Fri, 9 Jul 2021 23:13:23 -0400 Subject: [PATCH] fix: remove finalizer handling Originally we added finalizers with the intention of holding back object deletion until we were certain that we had removed the relevant configuration from the Kong Admin API. Ultimately at the time of writing it's not feasible to get this done, so this removes a half of the implementation which was causing us complexity without any added value. --- railgun/config/rbac/role.yaml | 144 ------------------ .../configuration/zz_generated_controllers.go | 130 +--------------- .../generators/controllers/networking/main.go | 20 --- railgun/internal/ctrlutils/utils.go | 38 ----- railgun/internal/ctrlutils/vars.go | 8 - 5 files changed, 8 insertions(+), 332 deletions(-) delete mode 100644 railgun/internal/ctrlutils/vars.go diff --git a/railgun/config/rbac/role.yaml b/railgun/config/rbac/role.yaml index 37c6f1deee..248b22ed44 100644 --- a/railgun/config/rbac/role.yaml +++ b/railgun/config/rbac/role.yaml @@ -13,12 +13,6 @@ rules: verbs: - list - watch -- apiGroups: - - "" - resources: - - endpoints/finalizers - verbs: - - update - apiGroups: - "" resources: @@ -56,12 +50,6 @@ rules: verbs: - list - watch -- apiGroups: - - "" - resources: - - secrets/finalizers - verbs: - - update - apiGroups: - "" resources: @@ -78,12 +66,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resources: - - services/finalizers - verbs: - - update - apiGroups: - "" resources: @@ -100,12 +82,6 @@ rules: - get - list - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - ingresses/finalizers - verbs: - - update - apiGroups: - apiextensions.k8s.io resources: @@ -122,12 +98,6 @@ rules: - get - list - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/finalizers - verbs: - - update - apiGroups: - configuration.konghq.com resources: @@ -144,12 +114,6 @@ rules: - get - list - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/finalizers - verbs: - - update - apiGroups: - configuration.konghq.com resources: @@ -166,12 +130,6 @@ rules: - get - list - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/finalizers - verbs: - - update - apiGroups: - configuration.konghq.com resources: @@ -188,12 +146,6 @@ rules: - get - list - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/finalizers - verbs: - - update - apiGroups: - configuration.konghq.com resources: @@ -210,12 +162,6 @@ rules: - get - list - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/finalizers - verbs: - - update - apiGroups: - configuration.konghq.com resources: @@ -232,12 +178,6 @@ rules: - get - list - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/finalizers - verbs: - - update - apiGroups: - configuration.konghq.com resources: @@ -254,12 +194,6 @@ rules: - get - list - watch -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses/finalizers - verbs: - - update - apiGroups: - networking.internal.knative.dev resources: @@ -276,12 +210,6 @@ rules: - get - list - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/finalizers - verbs: - - update - apiGroups: - networking.k8s.io resources: @@ -306,12 +234,6 @@ rules: verbs: - list - watch -- apiGroups: - - "" - resources: - - endpoints/finalizers - verbs: - - update - apiGroups: - "" resources: @@ -349,12 +271,6 @@ rules: verbs: - list - watch -- apiGroups: - - "" - resources: - - secrets/finalizers - verbs: - - update - apiGroups: - "" resources: @@ -371,12 +287,6 @@ rules: - get - list - watch -- apiGroups: - - "" - resources: - - services/finalizers - verbs: - - update - apiGroups: - "" resources: @@ -393,12 +303,6 @@ rules: - get - list - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - ingresses/finalizers - verbs: - - update - apiGroups: - apiextensions.k8s.io resources: @@ -415,12 +319,6 @@ rules: - get - list - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongclusterplugins/finalizers - verbs: - - update - apiGroups: - configuration.konghq.com resources: @@ -437,12 +335,6 @@ rules: - get - list - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongconsumers/finalizers - verbs: - - update - apiGroups: - configuration.konghq.com resources: @@ -459,12 +351,6 @@ rules: - get - list - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongingresses/finalizers - verbs: - - update - apiGroups: - configuration.konghq.com resources: @@ -481,12 +367,6 @@ rules: - get - list - watch -- apiGroups: - - configuration.konghq.com - resources: - - kongplugins/finalizers - verbs: - - update - apiGroups: - configuration.konghq.com resources: @@ -503,12 +383,6 @@ rules: - get - list - watch -- apiGroups: - - configuration.konghq.com - resources: - - tcpingresses/finalizers - verbs: - - update - apiGroups: - configuration.konghq.com resources: @@ -525,12 +399,6 @@ rules: - get - list - watch -- apiGroups: - - configuration.konghq.com - resources: - - udpingresses/finalizers - verbs: - - update - apiGroups: - configuration.konghq.com resources: @@ -547,12 +415,6 @@ rules: - get - list - watch -- apiGroups: - - networking.internal.knative.dev - resources: - - ingresses/finalizers - verbs: - - update - apiGroups: - networking.internal.knative.dev resources: @@ -569,12 +431,6 @@ rules: - get - list - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/finalizers - verbs: - - update - apiGroups: - networking.k8s.io resources: diff --git a/railgun/controllers/configuration/zz_generated_controllers.go b/railgun/controllers/configuration/zz_generated_controllers.go index e01d77db8d..9288981fa3 100644 --- a/railgun/controllers/configuration/zz_generated_controllers.go +++ b/railgun/controllers/configuration/zz_generated_controllers.go @@ -61,10 +61,8 @@ func (r *CoreV1ServiceReconciler) SetupWithManager(mgr ctrl.Manager) error { //+kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch //+kubebuilder:rbac:groups="",resources=services/status,verbs=get;update;patch -//+kubebuilder:rbac:groups="",resources=services/finalizers,verbs=update //+kubebuilder:rbac:groups="",namespace=CHANGEME,resources=services,verbs=get;list;watch //+kubebuilder:rbac:groups="",namespace=CHANGEME,resources=services/status,verbs=get;update;patch -//+kubebuilder:rbac:groups="",namespace=CHANGEME,resources=services/finalizers,verbs=update // Reconcile processes the watched objects func (r *CoreV1ServiceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -134,10 +132,8 @@ func (r *CoreV1EndpointsReconciler) SetupWithManager(mgr ctrl.Manager) error { //+kubebuilder:rbac:groups="",resources=endpoints,verbs=list;watch //+kubebuilder:rbac:groups="",resources=endpoints/status,verbs=get;update;patch -//+kubebuilder:rbac:groups="",resources=endpoints/finalizers,verbs=update //+kubebuilder:rbac:groups="",namespace=CHANGEME,resources=endpoints,verbs=list;watch //+kubebuilder:rbac:groups="",namespace=CHANGEME,resources=endpoints/status,verbs=get;update;patch -//+kubebuilder:rbac:groups="",namespace=CHANGEME,resources=endpoints/finalizers,verbs=update // Reconcile processes the watched objects func (r *CoreV1EndpointsReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -207,10 +203,8 @@ func (r *CoreV1SecretReconciler) SetupWithManager(mgr ctrl.Manager) error { //+kubebuilder:rbac:groups="",resources=secrets,verbs=list;watch //+kubebuilder:rbac:groups="",resources=secrets/status,verbs=get;update;patch -//+kubebuilder:rbac:groups="",resources=secrets/finalizers,verbs=update //+kubebuilder:rbac:groups="",namespace=CHANGEME,resources=secrets,verbs=list;watch //+kubebuilder:rbac:groups="",namespace=CHANGEME,resources=secrets/status,verbs=get;update;patch -//+kubebuilder:rbac:groups="",namespace=CHANGEME,resources=secrets/finalizers,verbs=update // Reconcile processes the watched objects func (r *CoreV1SecretReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -283,10 +277,8 @@ func (r *NetV1IngressReconciler) SetupWithManager(mgr ctrl.Manager) error { //+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses/finalizers,verbs=update //+kubebuilder:rbac:groups=networking.k8s.io,namespace=CHANGEME,resources=ingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=networking.k8s.io,namespace=CHANGEME,resources=ingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=networking.k8s.io,namespace=CHANGEME,resources=ingresses/finalizers,verbs=update // Reconcile processes the watched objects func (r *NetV1IngressReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -324,7 +316,7 @@ func (r *NetV1IngressReconciler) Reconcile(ctx context.Context, req ctrl.Request } return ctrl.Result{Requeue: true}, nil // wait until the object is no longer present in the cache } - return ctrlutils.CleanupFinalizer(ctx, r.Client, log, req.NamespacedName, obj) + return ctrl.Result{}, nil } // if the object is not configured with our ingress.class, then we need to ensure it's removed from the cache @@ -336,17 +328,6 @@ func (r *NetV1IngressReconciler) Reconcile(ctx context.Context, req ctrl.Request return ctrl.Result{}, nil } - // before we store cache data for this object, ensure that it has our finalizer set - if !ctrlutils.HasFinalizer(obj, ctrlutils.KongIngressFinalizer) { - log.Info("finalizer is not set for resource, setting it", req.Namespace, req.Name) - finalizers := obj.GetFinalizers() - obj.SetFinalizers(append(finalizers, ctrlutils.KongIngressFinalizer)) - if err := r.Client.Update(ctx, obj); err != nil { - return ctrl.Result{}, err - } - return ctrl.Result{Requeue: true}, nil - } - // update the kong Admin API with the changes log.Info("updating the proxy with new Ingress", "namespace", obj.Namespace, "name", obj.Name) if err := r.Proxy.UpdateObject(obj); err != nil { @@ -379,10 +360,8 @@ func (r *NetV1Beta1IngressReconciler) SetupWithManager(mgr ctrl.Manager) error { //+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses/finalizers,verbs=update //+kubebuilder:rbac:groups=networking.k8s.io,namespace=CHANGEME,resources=ingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=networking.k8s.io,namespace=CHANGEME,resources=ingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=networking.k8s.io,namespace=CHANGEME,resources=ingresses/finalizers,verbs=update // Reconcile processes the watched objects func (r *NetV1Beta1IngressReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -420,7 +399,7 @@ func (r *NetV1Beta1IngressReconciler) Reconcile(ctx context.Context, req ctrl.Re } return ctrl.Result{Requeue: true}, nil // wait until the object is no longer present in the cache } - return ctrlutils.CleanupFinalizer(ctx, r.Client, log, req.NamespacedName, obj) + return ctrl.Result{}, nil } // if the object is not configured with our ingress.class, then we need to ensure it's removed from the cache @@ -432,17 +411,6 @@ func (r *NetV1Beta1IngressReconciler) Reconcile(ctx context.Context, req ctrl.Re return ctrl.Result{}, nil } - // before we store cache data for this object, ensure that it has our finalizer set - if !ctrlutils.HasFinalizer(obj, ctrlutils.KongIngressFinalizer) { - log.Info("finalizer is not set for resource, setting it", req.Namespace, req.Name) - finalizers := obj.GetFinalizers() - obj.SetFinalizers(append(finalizers, ctrlutils.KongIngressFinalizer)) - if err := r.Client.Update(ctx, obj); err != nil { - return ctrl.Result{}, err - } - return ctrl.Result{Requeue: true}, nil - } - // update the kong Admin API with the changes log.Info("updating the proxy with new Ingress", "namespace", obj.Namespace, "name", obj.Name) if err := r.Proxy.UpdateObject(obj); err != nil { @@ -475,10 +443,8 @@ func (r *ExtV1Beta1IngressReconciler) SetupWithManager(mgr ctrl.Manager) error { //+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=ingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=ingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=ingresses/finalizers,verbs=update //+kubebuilder:rbac:groups=apiextensions.k8s.io,namespace=CHANGEME,resources=ingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=apiextensions.k8s.io,namespace=CHANGEME,resources=ingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=apiextensions.k8s.io,namespace=CHANGEME,resources=ingresses/finalizers,verbs=update // Reconcile processes the watched objects func (r *ExtV1Beta1IngressReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -516,7 +482,7 @@ func (r *ExtV1Beta1IngressReconciler) Reconcile(ctx context.Context, req ctrl.Re } return ctrl.Result{Requeue: true}, nil // wait until the object is no longer present in the cache } - return ctrlutils.CleanupFinalizer(ctx, r.Client, log, req.NamespacedName, obj) + return ctrl.Result{}, nil } // if the object is not configured with our ingress.class, then we need to ensure it's removed from the cache @@ -528,17 +494,6 @@ func (r *ExtV1Beta1IngressReconciler) Reconcile(ctx context.Context, req ctrl.Re return ctrl.Result{}, nil } - // before we store cache data for this object, ensure that it has our finalizer set - if !ctrlutils.HasFinalizer(obj, ctrlutils.KongIngressFinalizer) { - log.Info("finalizer is not set for resource, setting it", req.Namespace, req.Name) - finalizers := obj.GetFinalizers() - obj.SetFinalizers(append(finalizers, ctrlutils.KongIngressFinalizer)) - if err := r.Client.Update(ctx, obj); err != nil { - return ctrl.Result{}, err - } - return ctrl.Result{Requeue: true}, nil - } - // update the kong Admin API with the changes log.Info("updating the proxy with new Ingress", "namespace", obj.Namespace, "name", obj.Name) if err := r.Proxy.UpdateObject(obj); err != nil { @@ -568,10 +523,8 @@ func (r *KongV1KongIngressReconciler) SetupWithManager(mgr ctrl.Manager) error { //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongingresses/finalizers,verbs=update //+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=kongingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=kongingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=kongingresses/finalizers,verbs=update // Reconcile processes the watched objects func (r *KongV1KongIngressReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -641,10 +594,8 @@ func (r *KongV1KongPluginReconciler) SetupWithManager(mgr ctrl.Manager) error { //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongplugins,verbs=get;list;watch //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongplugins/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongplugins/finalizers,verbs=update //+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=kongplugins,verbs=get;list;watch //+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=kongplugins/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=kongplugins/finalizers,verbs=update // Reconcile processes the watched objects func (r *KongV1KongPluginReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -717,10 +668,8 @@ func (r *KongV1KongClusterPluginReconciler) SetupWithManager(mgr ctrl.Manager) e //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongclusterplugins,verbs=get;list;watch //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongclusterplugins/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongclusterplugins/finalizers,verbs=update //+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=kongclusterplugins,verbs=get;list;watch //+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=kongclusterplugins/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=kongclusterplugins/finalizers,verbs=update // Reconcile processes the watched objects func (r *KongV1KongClusterPluginReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -758,7 +707,7 @@ func (r *KongV1KongClusterPluginReconciler) Reconcile(ctx context.Context, req c } return ctrl.Result{Requeue: true}, nil // wait until the object is no longer present in the cache } - return ctrlutils.CleanupFinalizer(ctx, r.Client, log, req.NamespacedName, obj) + return ctrl.Result{}, nil } // if the object is not configured with our ingress.class, then we need to ensure it's removed from the cache @@ -770,17 +719,6 @@ func (r *KongV1KongClusterPluginReconciler) Reconcile(ctx context.Context, req c return ctrl.Result{}, nil } - // before we store cache data for this object, ensure that it has our finalizer set - if !ctrlutils.HasFinalizer(obj, ctrlutils.KongIngressFinalizer) { - log.Info("finalizer is not set for resource, setting it", req.Namespace, req.Name) - finalizers := obj.GetFinalizers() - obj.SetFinalizers(append(finalizers, ctrlutils.KongIngressFinalizer)) - if err := r.Client.Update(ctx, obj); err != nil { - return ctrl.Result{}, err - } - return ctrl.Result{Requeue: true}, nil - } - // update the kong Admin API with the changes log.Info("updating the proxy with new KongClusterPlugin", "namespace", obj.Namespace, "name", obj.Name) if err := r.Proxy.UpdateObject(obj); err != nil { @@ -813,10 +751,8 @@ func (r *KongV1KongConsumerReconciler) SetupWithManager(mgr ctrl.Manager) error //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumers,verbs=get;list;watch //+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumers/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumers/finalizers,verbs=update //+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=kongconsumers,verbs=get;list;watch //+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=kongconsumers/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=kongconsumers/finalizers,verbs=update // Reconcile processes the watched objects func (r *KongV1KongConsumerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -854,7 +790,7 @@ func (r *KongV1KongConsumerReconciler) Reconcile(ctx context.Context, req ctrl.R } return ctrl.Result{Requeue: true}, nil // wait until the object is no longer present in the cache } - return ctrlutils.CleanupFinalizer(ctx, r.Client, log, req.NamespacedName, obj) + return ctrl.Result{}, nil } // if the object is not configured with our ingress.class, then we need to ensure it's removed from the cache @@ -866,17 +802,6 @@ func (r *KongV1KongConsumerReconciler) Reconcile(ctx context.Context, req ctrl.R return ctrl.Result{}, nil } - // before we store cache data for this object, ensure that it has our finalizer set - if !ctrlutils.HasFinalizer(obj, ctrlutils.KongIngressFinalizer) { - log.Info("finalizer is not set for resource, setting it", req.Namespace, req.Name) - finalizers := obj.GetFinalizers() - obj.SetFinalizers(append(finalizers, ctrlutils.KongIngressFinalizer)) - if err := r.Client.Update(ctx, obj); err != nil { - return ctrl.Result{}, err - } - return ctrl.Result{Requeue: true}, nil - } - // update the kong Admin API with the changes log.Info("updating the proxy with new KongConsumer", "namespace", obj.Namespace, "name", obj.Name) if err := r.Proxy.UpdateObject(obj); err != nil { @@ -909,10 +834,8 @@ func (r *KongV1Beta1TCPIngressReconciler) SetupWithManager(mgr ctrl.Manager) err //+kubebuilder:rbac:groups=configuration.konghq.com,resources=tcpingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=configuration.konghq.com,resources=tcpingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=configuration.konghq.com,resources=tcpingresses/finalizers,verbs=update //+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=tcpingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=tcpingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=tcpingresses/finalizers,verbs=update // Reconcile processes the watched objects func (r *KongV1Beta1TCPIngressReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -950,7 +873,7 @@ func (r *KongV1Beta1TCPIngressReconciler) Reconcile(ctx context.Context, req ctr } return ctrl.Result{Requeue: true}, nil // wait until the object is no longer present in the cache } - return ctrlutils.CleanupFinalizer(ctx, r.Client, log, req.NamespacedName, obj) + return ctrl.Result{}, nil } // if the object is not configured with our ingress.class, then we need to ensure it's removed from the cache @@ -962,17 +885,6 @@ func (r *KongV1Beta1TCPIngressReconciler) Reconcile(ctx context.Context, req ctr return ctrl.Result{}, nil } - // before we store cache data for this object, ensure that it has our finalizer set - if !ctrlutils.HasFinalizer(obj, ctrlutils.KongIngressFinalizer) { - log.Info("finalizer is not set for resource, setting it", req.Namespace, req.Name) - finalizers := obj.GetFinalizers() - obj.SetFinalizers(append(finalizers, ctrlutils.KongIngressFinalizer)) - if err := r.Client.Update(ctx, obj); err != nil { - return ctrl.Result{}, err - } - return ctrl.Result{Requeue: true}, nil - } - // update the kong Admin API with the changes log.Info("updating the proxy with new TCPIngress", "namespace", obj.Namespace, "name", obj.Name) if err := r.Proxy.UpdateObject(obj); err != nil { @@ -1005,10 +917,8 @@ func (r *KongV1Beta1UDPIngressReconciler) SetupWithManager(mgr ctrl.Manager) err //+kubebuilder:rbac:groups=configuration.konghq.com,resources=udpingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=configuration.konghq.com,resources=udpingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=configuration.konghq.com,resources=udpingresses/finalizers,verbs=update //+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=udpingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=udpingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=configuration.konghq.com,namespace=CHANGEME,resources=udpingresses/finalizers,verbs=update // Reconcile processes the watched objects func (r *KongV1Beta1UDPIngressReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -1046,7 +956,7 @@ func (r *KongV1Beta1UDPIngressReconciler) Reconcile(ctx context.Context, req ctr } return ctrl.Result{Requeue: true}, nil // wait until the object is no longer present in the cache } - return ctrlutils.CleanupFinalizer(ctx, r.Client, log, req.NamespacedName, obj) + return ctrl.Result{}, nil } // if the object is not configured with our ingress.class, then we need to ensure it's removed from the cache @@ -1058,17 +968,6 @@ func (r *KongV1Beta1UDPIngressReconciler) Reconcile(ctx context.Context, req ctr return ctrl.Result{}, nil } - // before we store cache data for this object, ensure that it has our finalizer set - if !ctrlutils.HasFinalizer(obj, ctrlutils.KongIngressFinalizer) { - log.Info("finalizer is not set for resource, setting it", req.Namespace, req.Name) - finalizers := obj.GetFinalizers() - obj.SetFinalizers(append(finalizers, ctrlutils.KongIngressFinalizer)) - if err := r.Client.Update(ctx, obj); err != nil { - return ctrl.Result{}, err - } - return ctrl.Result{Requeue: true}, nil - } - // update the kong Admin API with the changes log.Info("updating the proxy with new UDPIngress", "namespace", obj.Namespace, "name", obj.Name) if err := r.Proxy.UpdateObject(obj); err != nil { @@ -1101,10 +1000,8 @@ func (r *Knativev1alpha1IngressReconciler) SetupWithManager(mgr ctrl.Manager) er //+kubebuilder:rbac:groups=networking.internal.knative.dev,resources=ingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=networking.internal.knative.dev,resources=ingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=networking.internal.knative.dev,resources=ingresses/finalizers,verbs=update //+kubebuilder:rbac:groups=networking.internal.knative.dev,namespace=CHANGEME,resources=ingresses,verbs=get;list;watch //+kubebuilder:rbac:groups=networking.internal.knative.dev,namespace=CHANGEME,resources=ingresses/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=networking.internal.knative.dev,namespace=CHANGEME,resources=ingresses/finalizers,verbs=update // Reconcile processes the watched objects func (r *Knativev1alpha1IngressReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -1142,7 +1039,7 @@ func (r *Knativev1alpha1IngressReconciler) Reconcile(ctx context.Context, req ct } return ctrl.Result{Requeue: true}, nil // wait until the object is no longer present in the cache } - return ctrlutils.CleanupFinalizer(ctx, r.Client, log, req.NamespacedName, obj) + return ctrl.Result{}, nil } // if the object is not configured with our ingress.class, then we need to ensure it's removed from the cache @@ -1154,17 +1051,6 @@ func (r *Knativev1alpha1IngressReconciler) Reconcile(ctx context.Context, req ct return ctrl.Result{}, nil } - // before we store cache data for this object, ensure that it has our finalizer set - if !ctrlutils.HasFinalizer(obj, ctrlutils.KongIngressFinalizer) { - log.Info("finalizer is not set for resource, setting it", req.Namespace, req.Name) - finalizers := obj.GetFinalizers() - obj.SetFinalizers(append(finalizers, ctrlutils.KongIngressFinalizer)) - if err := r.Client.Update(ctx, obj); err != nil { - return ctrl.Result{}, err - } - return ctrl.Result{Requeue: true}, nil - } - // update the kong Admin API with the changes log.Info("updating the proxy with new Ingress", "namespace", obj.Namespace, "name", obj.Name) if err := r.Proxy.UpdateObject(obj); err != nil { diff --git a/railgun/hack/generators/controllers/networking/main.go b/railgun/hack/generators/controllers/networking/main.go index 0532a2da0a..61fa2d2229 100644 --- a/railgun/hack/generators/controllers/networking/main.go +++ b/railgun/hack/generators/controllers/networking/main.go @@ -295,9 +295,6 @@ type typeNeeded struct { // AcceptsIngressClassNameAnnotation indicates that the object accepts (and the controller will listen to) // the "kubernetes.io/ingress.class" annotation to decide whether or not the object is supported. - // - // This setting will also indicate whether or not a generated controller will employ a teardown finalizer - // to indicate that we need to wait for cache deletion to succeed before allowing Kubernetes GC to remove the obj. AcceptsIngressClassNameAnnotation bool // AcceptsIngressClassNameSpec indicates the the object indicates the ingress.class that should support it via @@ -400,10 +397,8 @@ func (r *{{.PackageAlias}}{{.Type}}Reconciler) SetupWithManager(mgr ctrl.Manager //+kubebuilder:rbac:groups={{.URL}},resources={{.Plural}},verbs={{ .RBACVerbs | join ";" }} //+kubebuilder:rbac:groups={{.URL}},resources={{.Plural}}/status,verbs=get;update;patch -//+kubebuilder:rbac:groups={{.URL}},resources={{.Plural}}/finalizers,verbs=update //+kubebuilder:rbac:groups={{.URL}},namespace=CHANGEME,resources={{.Plural}},verbs={{ .RBACVerbs | join ";" }} //+kubebuilder:rbac:groups={{.URL}},namespace=CHANGEME,resources={{.Plural}}/status,verbs=get;update;patch -//+kubebuilder:rbac:groups={{.URL}},namespace=CHANGEME,resources={{.Plural}}/finalizers,verbs=update // Reconcile processes the watched objects func (r *{{.PackageAlias}}{{.Type}}Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { @@ -441,11 +436,7 @@ func (r *{{.PackageAlias}}{{.Type}}Reconciler) Reconcile(ctx context.Context, re } return ctrl.Result{Requeue: true}, nil // wait until the object is no longer present in the cache } -{{- if .AcceptsIngressClassNameAnnotation}} - return ctrlutils.CleanupFinalizer(ctx, r.Client, log, req.NamespacedName, obj) -{{- else}} return ctrl.Result{}, nil -{{- end}} } {{if .AcceptsIngressClassNameAnnotation}} // if the object is not configured with our ingress.class, then we need to ensure it's removed from the cache @@ -456,17 +447,6 @@ func (r *{{.PackageAlias}}{{.Type}}Reconciler) Reconcile(ctx context.Context, re } return ctrl.Result{}, nil } - - // before we store cache data for this object, ensure that it has our finalizer set - if !ctrlutils.HasFinalizer(obj, ctrlutils.KongIngressFinalizer) { - log.Info("finalizer is not set for resource, setting it", req.Namespace, req.Name) - finalizers := obj.GetFinalizers() - obj.SetFinalizers(append(finalizers, ctrlutils.KongIngressFinalizer)) - if err := r.Client.Update(ctx, obj); err != nil { - return ctrl.Result{}, err - } - return ctrl.Result{Requeue: true}, nil - } {{end}} // update the kong Admin API with the changes log.Info("updating the proxy with new {{.Type}}", "namespace", obj.Namespace, "name", obj.Name) diff --git a/railgun/internal/ctrlutils/utils.go b/railgun/internal/ctrlutils/utils.go index 7eda26980b..e7344af64c 100644 --- a/railgun/internal/ctrlutils/utils.go +++ b/railgun/internal/ctrlutils/utils.go @@ -1,16 +1,11 @@ package ctrlutils import ( - "context" - - "github.com/go-logr/logr" "github.com/kong/kubernetes-ingress-controller/pkg/annotations" netv1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/api/meta" "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" knative "knative.dev/networking/pkg/apis/networking/v1alpha1" - ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/event" "sigs.k8s.io/controller-runtime/pkg/predicate" @@ -19,39 +14,6 @@ import ( // classSpec indicates the fieldName for objects which support indicating their Ingress Class by spec const classSpec = "IngressClassName" -// CleanupFinalizer removes an object finalizer from an object which is currently being deleted. -func CleanupFinalizer(ctx context.Context, c client.Client, log logr.Logger, nsn types.NamespacedName, obj client.Object) (ctrl.Result, error) { - if HasFinalizer(obj, KongIngressFinalizer) { - log.Info("kong ingress finalizer needs to be removed from a resource which is deleting", "ingress", obj.GetName(), "finalizer", KongIngressFinalizer) - finalizers := []string{} - for _, finalizer := range obj.GetFinalizers() { - if finalizer != KongIngressFinalizer { - finalizers = append(finalizers, finalizer) - } - } - obj.SetFinalizers(finalizers) - if err := c.Update(ctx, obj); err != nil { - return ctrl.Result{}, err - } - log.Info("the kong ingress finalizer was removed from an a resource which is deleting", "ingress", obj.GetName(), "finalizer", KongIngressFinalizer) - return ctrl.Result{Requeue: true}, nil - } - - return ctrl.Result{}, nil -} - -// HasFinalizer is a helper function to check whether a client.Object -// already has a specific finalizer set. -func HasFinalizer(obj client.Object, finalizer string) bool { - hasFinalizer := false - for _, foundFinalizer := range obj.GetFinalizers() { - if foundFinalizer == finalizer { - hasFinalizer = true - } - } - return hasFinalizer -} - // HasAnnotation is a helper function to determine whether an object has a given annotation, and whether it's // to the value provided. func HasAnnotation(obj client.Object, key, expectedValue string) bool { diff --git a/railgun/internal/ctrlutils/vars.go b/railgun/internal/ctrlutils/vars.go deleted file mode 100644 index 5f8d0bc7d7..0000000000 --- a/railgun/internal/ctrlutils/vars.go +++ /dev/null @@ -1,8 +0,0 @@ -package ctrlutils - -// ----------------------------------------------------------------------------- -// General Controller Variables -// ----------------------------------------------------------------------------- - -// KongIngressFinalizer is the finalizer used to ensure Kong configuration cleanup for deleted resources. -const KongIngressFinalizer = "configuration.konghq.com/ingress"