Skip to content

Commit

Permalink
add finalizer to apiserver ingress
Browse files Browse the repository at this point in the history
  • Loading branch information
Diaphteiros committed Sep 8, 2022
1 parent 4204cfb commit 4506798
Show file tree
Hide file tree
Showing 3 changed files with 70 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ metadata:
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
kubernetes.io/ingress.class: "nginx"
finalizers:
- "garden-setup.gardener.cloud/prevent-deletion"
name: apiserver-ingress
namespace: {{ .Release.Namespace }}
spec:
Expand Down
11 changes: 10 additions & 1 deletion components/kube-apiserver/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,12 +23,21 @@ plugins:
- kubeapiserver
- template
- kubectl: kubeapiserver
- finalize

settings:
apiserver_dns: (( "api." imports.ingress_controller.export.ingress_domain ))
gardener_dns: (( "gardener." imports.ingress_controller.export.ingress_domain ))
apiserver_url_internal: (( "https://" .kubeapiserver.serviceName "." .kubeapiserver.namespace ".svc:443" ))


finalize:
kubeconfig: (( landscape.clusters.[0].kubeconfig ))
type: ingress
name: apiserver-ingress
namespace: (( .landscape.namespace ))
finalizers:
- "garden-setup.gardener.cloud/prevent-deletion"

spec:
<<: (( &temporary ))

Expand Down
58 changes: 58 additions & 0 deletions plugins/finalize/plugin
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
#!/usr/bin/env bash
# Copyright 2022 Copyright (c) 2022 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This plugin removes one or more finalizers from a specified resource.
# Removing will only happen on deletion.
# Usage: Specify type, name, and optionally namespace of the resource. Provide a list of finalizers that should be removed from it. If the list contains either '*' or 'all', all finalizers will be removed.

source "$SOWLIB/pluginutils"
source "$SOWLIB/k8s"

getRequiredValue type "type" PLUGINCONFIGJSON
getRequiredValue name "name" PLUGINCONFIGJSON
getValue namespace "namespace" PLUGINCONFIGJSON
getValueList finalizers "finalizers" PLUGINCONFIGJSON
K8S_setKubeConfig "$PLUGININSTANCE" "$dir/kubeconfig"

finalize()
{
info "removing finalizers from $type ${namespace:-}${namespace:+"/"}$name"
for fin in ${finalizers[@]}; do
if [[ "$fin" == '*' ]] || [[ "$fin" == 'all' ]]; then
echo "removing all finalizers"
exec_cmd kubectl ${namespace:+"--namespace="}${namespace:-} patch "$type" "$name" --type json --patch '[{"op": "remove", "path": "/metadata/finalizers"}]'
break
else
# determine index of specific finalizer
local index=$(kubectl ${namespace:+"--namespace="}${namespace:-} get "$type" "$name" -o json | jq '.metadata.finalizers | map(. == $fin) | index(true)' --arg fin "$fin")
if [[ "$index" == "null" ]]; then
echo "finalizer '$fin' does not exist"
else
echo "Removing finalizer '$fin' (index $index)"
exec_cmd kubectl ${namespace:+"--namespace="}${namespace:-} patch "$type" "$name" --type json --patch "[{\"op\": \"remove\", \"path\": \"/metadata/finalizers/$index\"}]"
fi
fi
done
}

case "$1" in
deploy)
verbose "Noting to do on deploy."
;;
delete)
finalize
;;
*) fail "unsupported action $1"
esac

0 comments on commit 4506798

Please sign in to comment.