stackitcloud · dergeberl · Feb 21, 2024 · Feb 15, 2024 · Feb 15, 2024 · Feb 16, 2024
@@ -69,6 +69,15 @@ const (
 	// If logForward is enabled, annotations that are prefixed with this constant
 	// will be used as extra labels for loki
 	LoadBalancerLogLabelPrefix = "logging.yawol.stackit.cloud/"
+	// LoadBalancerKeepFloatingIP indicates the controller to not delete the floating ip on lb deletion.
+	// When set to 'true' deleting the annotated loadbalancer will orphan the floating ip.
+	LoadBalancerKeepFloatingIP = "yawol.stackit.cloud/keepFloatingIP"
+	// LoadBalancerKeepPort indicates the controller to not delete the port on lb deletion.
+	// When set to 'true' deleting the annotated loadbalancer will orphan the port.
+	LoadBalancerKeepPort = "yawol.stackit.cloud/keepPort"
+	// LoadBalancerKeepSecurityGroup indicates the controller to not delete the security group on lb deletion.
+	// When set to 'true' deleting the annotated loadbalancer will orphan the security group.
+	LoadBalancerKeepSecurityGroup = "yawol.stackit.cloud/keepSecurityGroup"
 )
 
 // +kubebuilder:object:root=true

@@ -1117,6 +1117,24 @@ func (r *Reconciler) deleteFips(
 
 	var requeue = false
 
+	// skip deletion and release status when annotated
+	if lb.GetAnnotations()[yawolv1beta1.LoadBalancerKeepFloatingIP] == "true" {
+		if lb.Status.FloatingID == nil &&
+			lb.Status.FloatingName == nil {
+			return false, nil
+		}
+		r.Log.Info("FIP released.", "lb", lb.Namespace+"/"+lb.Name)
+		err = helper.RemoveFromLBStatus(ctx, r.Client.Status(), lb, "floatingID")
+		if err != nil {
+			return false, err
+		}
+		err = helper.RemoveFromLBStatus(ctx, r.Client.Status(), lb, "floatingName")
+		if err != nil {
+			return false, err
+		}
+		return true, nil
+	}
+
 	// Remove only from status if lb.Spec.ExistingFloatingIP is set
 	if lb.Spec.ExistingFloatingIP != nil {
 		if lb.Status.FloatingID == nil &&
@@ -1224,6 +1242,19 @@ func (r *Reconciler) deletePorts(
 		return false, err
 	}
 
+	// skip deletion and release status when annotated
+	if lb.GetAnnotations()[yawolv1beta1.LoadBalancerKeepPort] == "true" {
+		if lb.Status.PortID == nil {
+			return false, nil
+		}
+		r.Log.Info("Port released", "lb", lb.Namespace+"/"+lb.Name)
+		err = helper.RemoveFromLBStatus(ctx, r.Client.Status(), lb, "portID")
+		if err != nil {
+			return false, err
+		}
+		return true, nil
+	}
+
 	var requeue bool
 
 	if lb.Status.PortID != nil {
@@ -1313,6 +1344,15 @@ func (r *Reconciler) deleteSecGroups(
 	if err != nil {
 		return false, err
 	}
+	// skip deletion and release status when annotated
+	if lb.GetAnnotations()[yawolv1beta1.LoadBalancerKeepSecurityGroup] == "true" {
+		if lb.Status.SecurityGroupID == nil {
+			return false, nil
+		}
+		r.Log.Info("security group was released", "lb", lb.Namespace+"/"+lb.Name)
+		err = helper.RemoveFromLBStatus(ctx, r.Client.Status(), lb, "security_group_id")
+		return err != nil, err
+	}
 
 	var requeue bool
 	//nolint: dupl // we can't extract this code because of generics

@@ -774,6 +774,84 @@ var _ = Describe("loadbalancer controller", Serial, Ordered, func() {
 	}) // openstack not working context
 
 	Context("clean up openstack", func() {
+		When("the lb is in annotated with keep flags", func() {
+			var nn types.NamespacedName
+			BeforeEach(func() {
+				nn = types.NamespacedName{
+					Name:      "annotated-lb",
+					Namespace: namespace,
+				}
+				annotatedLB := getMockLB(nn)
+				annotatedLB.Annotations = map[string]string{
+					yawolv1beta1.LoadBalancerKeepFloatingIP:    "true",
+					yawolv1beta1.LoadBalancerKeepPort:          "true",
+					yawolv1beta1.LoadBalancerKeepSecurityGroup: "true",
+				}
+				k8sClient.Create(ctx, annotatedLB)
+			})
+
+			It("should not delete the port", func() {
+				By("checking that portname is set")
+				hopefully(nn, func(g Gomega, act LB) error {
+					g.Expect(act.Status.PortName).To(Not(BeNil()))
+					g.Expect(*act.Status.PortName == nn.String())
+					return nil
+				})
+
+				By("deleting the LB")
+				cleanupLB(nn, timeout)
+
+				By("checking that the port is still there")
+				Eventually(func(g Gomega) {
+					c, _ := mockClient.PortClient(ctx)
+
+					ports, err := c.List(ctx, ports.ListOpts{Name: nn.String()})
+					g.Expect(err).To(Not(HaveOccurred()))
+					g.Expect(len(ports)).To(Equal(1))
+				}, timeout, interval).Should(Succeed())
+			})
+			It("should not delete the security group", func() {
+				By("checking that secgroup is set")
+				hopefully(nn, func(g Gomega, act LB) error {
+					g.Expect(act.Status.SecurityGroupID).To(Not(BeNil()))
+					g.Expect(*act.Status.SecurityGroupName == nn.String())
+					return nil
+				})
+
+				By("deleting the LB")
+				cleanupLB(nn, timeout)
+
+				By("checking that the sec group is still there")
+				Eventually(func(g Gomega) {
+					c, _ := mockClient.GroupClient(ctx)
+
+					groups, err := c.List(ctx, groups.ListOpts{Name: nn.String()})
+					g.Expect(err).To(Not(HaveOccurred()))
+					g.Expect(len(groups)).To(Equal(1))
+				}, timeout, interval).Should(Succeed())
+			})
+			It("should not delete the fip", func() {
+				var fipIP *string
+				By("checking that fip is set")
+				hopefully(nn, func(g Gomega, act LB) error {
+					g.Expect(act.Status.FloatingID).To(Not(BeNil()))
+					fipIP = act.Status.ExternalIP
+					return nil
+				})
+
+				By("deleting the LB")
+				cleanupLB(nn, timeout)
+
+				By("checking that the fip is still there")
+				Eventually(func(g Gomega) {
+					c, _ := mockClient.FipClient(ctx)
+
+					fip, err := c.List(ctx, floatingips.ListOpts{FloatingIP: *fipIP})
+					g.Expect(err).To(Not(HaveOccurred()))
+					g.Expect(len(fip)).To(Equal(1))
+				}, timeout, interval).Should(Succeed())
+			})
+		})
 		When("there are additional ports", func() {
 			count := 5
 			BeforeEach(func() {