feat: Suspend flux calico helmrelease before cluster delete

jimmidyson · jimmidyson · commit 10a3eadc73a5 · 2023-02-08T13:39:57.000Z
diff --git a/pkg/addons/fluxhelmrelease/cni.go b/pkg/addons/fluxhelmrelease/cni.go
@@ -21,10 +21,7 @@ import (
 	"sigs.k8s.io/yaml"
 )
 
-// CNIForCluster returns a complete set of Cluster API objects to describe a CNI Configuration
-// installable via Flux resources.
-func CNIForCluster(cluster *clusterv1.Cluster) ([]unstructured.Unstructured, error) {
-	vals, _ := yaml.YAMLToJSON([]byte(`
+var calicoHelmReleaseValues, _ = yaml.YAMLToJSON([]byte(`
 installation:
   cni:
     type: Calico
@@ -41,6 +38,8 @@ installation:
   typhaMetricsPort: 9093
 `))
 
+// CNIForCluster returns a set of  objects to describe a CNI Configuration installable via Flux resources.
+func CNIForCluster(cluster *clusterv1.Cluster) ([]unstructured.Unstructured, error) {
 	objs := []client.Object{
 		&corev1.Namespace{
 			TypeMeta: metav1.TypeMeta{
@@ -64,61 +63,27 @@ installation:
 				URL: "https://docs.tigera.io/calico/charts",
 			},
 		},
-		&fluxhelmv2beta1.HelmRelease{
-			TypeMeta: metav1.TypeMeta{
-				APIVersion: fluxhelmv2beta1.GroupVersion.String(),
-				Kind:       fluxhelmv2beta1.HelmReleaseKind,
-			},
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      cluster.Name + "-tigera-operator",
-				Namespace: cluster.Namespace,
-				OwnerReferences: []metav1.OwnerReference{{
-					APIVersion: cluster.APIVersion,
-					Kind:       cluster.Kind,
-					Name:       cluster.Name,
-					UID:        cluster.UID,
-					Controller: pointer.Bool(true),
-				}},
-			},
-			Spec: fluxhelmv2beta1.HelmReleaseSpec{
-				KubeConfig: &fluxhelmv2beta1.KubeConfig{
-					SecretRef: meta.SecretKeyReference{
-						Name: fmt.Sprintf("%s-kubeconfig", cluster.Name),
-						Key:  "value",
-					},
-				},
-				TargetNamespace: "tigera-operator",
-				ReleaseName:     "tigera-operator",
-				Chart: fluxhelmv2beta1.HelmChartTemplate{
-					Spec: fluxhelmv2beta1.HelmChartTemplateSpec{
-						SourceRef: fluxhelmv2beta1.CrossNamespaceObjectReference{
-							APIVersion: fluxsourcev1beta2.GroupVersion.String(),
-							Kind:       fluxsourcev1beta2.HelmRepositoryKind,
-							Namespace:  "flux-helmrelease-addons",
-							Name:       "projectcalico",
-						},
-						Chart:   "tigera-operator",
-						Version: " v3.25.0",
-					},
-				},
-				Values: &apiextensionsv1.JSON{Raw: vals},
-				Install: &fluxhelmv2beta1.Install{
-					CreateNamespace: true,
-					CRDs:            fluxhelmv2beta1.CreateReplace,
-					Remediation: &fluxhelmv2beta1.InstallRemediation{
-						Retries: 30,
-					},
-				},
-				Upgrade: &fluxhelmv2beta1.Upgrade{
-					CRDs: fluxhelmv2beta1.CreateReplace,
-					Remediation: &fluxhelmv2beta1.UpgradeRemediation{
-						Retries: 30,
-					},
-				},
-			},
-		},
+		calicoHelmReleaseForCluster(cluster),
+	}
+
+	unstrObjs := make([]unstructured.Unstructured, 0, len(objs))
+	for _, obj := range objs {
+		unstrObj, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj)
+		if err != nil {
+			return nil, err
+		}
+		unstrObjs = append(unstrObjs, unstructured.Unstructured{Object: unstrObj})
 	}
 
+	return unstrObjs, nil
+}
+
+// CNIPatchesForClusterDelete returns a set of patches to apply before cluster deletion.
+func CNIPatchesForClusterDelete(cluster *clusterv1.Cluster) ([]unstructured.Unstructured, error) {
+	hr := calicoHelmReleaseForCluster(cluster)
+	hr.Spec.Suspend = true
+	objs := []client.Object{hr}
+
 	unstrObjs := make([]unstructured.Unstructured, 0, len(objs))
 	for _, obj := range objs {
 		unstrObj, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj)
@@ -130,3 +95,59 @@ installation:
 
 	return unstrObjs, nil
 }
+
+func calicoHelmReleaseForCluster(cluster *clusterv1.Cluster) *fluxhelmv2beta1.HelmRelease {
+	return &fluxhelmv2beta1.HelmRelease{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: fluxhelmv2beta1.GroupVersion.String(),
+			Kind:       fluxhelmv2beta1.HelmReleaseKind,
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      cluster.Name + "-tigera-operator",
+			Namespace: cluster.Namespace,
+			OwnerReferences: []metav1.OwnerReference{{
+				APIVersion: cluster.APIVersion,
+				Kind:       cluster.Kind,
+				Name:       cluster.Name,
+				UID:        cluster.UID,
+				Controller: pointer.Bool(true),
+			}},
+		},
+		Spec: fluxhelmv2beta1.HelmReleaseSpec{
+			KubeConfig: &fluxhelmv2beta1.KubeConfig{
+				SecretRef: meta.SecretKeyReference{
+					Name: fmt.Sprintf("%s-kubeconfig", cluster.Name),
+					Key:  "value",
+				},
+			},
+			TargetNamespace: "tigera-operator",
+			ReleaseName:     "tigera-operator",
+			Chart: fluxhelmv2beta1.HelmChartTemplate{
+				Spec: fluxhelmv2beta1.HelmChartTemplateSpec{
+					SourceRef: fluxhelmv2beta1.CrossNamespaceObjectReference{
+						APIVersion: fluxsourcev1beta2.GroupVersion.String(),
+						Kind:       fluxsourcev1beta2.HelmRepositoryKind,
+						Namespace:  "flux-helmrelease-addons",
+						Name:       "projectcalico",
+					},
+					Chart:   "tigera-operator",
+					Version: " v3.25.0",
+				},
+			},
+			Values: &apiextensionsv1.JSON{Raw: calicoHelmReleaseValues},
+			Install: &fluxhelmv2beta1.Install{
+				CreateNamespace: true,
+				CRDs:            fluxhelmv2beta1.CreateReplace,
+				Remediation: &fluxhelmv2beta1.InstallRemediation{
+					Retries: 30,
+				},
+			},
+			Upgrade: &fluxhelmv2beta1.Upgrade{
+				CRDs: fluxhelmv2beta1.CreateReplace,
+				Remediation: &fluxhelmv2beta1.UpgradeRemediation{
+					Retries: 30,
+				},
+			},
+		},
+	}
+}
diff --git a/pkg/handlers/lifecycle/handlers.go b/pkg/handlers/lifecycle/handlers.go
@@ -64,7 +64,13 @@ func (m *ExtensionHandlers) DoAfterControlPlaneInitialized(
 
 	genericResourcesClient := k8sclient.NewGenericResourcesClient(m.client, log)
 
-	err := applyCNICRS(ctx, m.addonProvider, &request.Cluster, genericResourcesClient, m.client)
+	err := applyCNIResources(
+		ctx,
+		m.addonProvider,
+		&request.Cluster,
+		genericResourcesClient,
+		m.client,
+	)
 	if err != nil {
 		response.Status = runtimehooksv1.ResponseStatusFailure
 		response.Message = err.Error()
@@ -87,9 +93,47 @@ func (m *ExtensionHandlers) DoBeforeClusterDelete(
 ) {
 	log := ctrl.LoggerFrom(ctx)
 	log.Info("BeforeClusterDelete is called")
+
+	genericResourcesClient := k8sclient.NewGenericResourcesClient(m.client, log)
+
+	err := applyCNIResourcesForDelete(
+		ctx,
+		m.addonProvider,
+		&request.Cluster,
+		genericResourcesClient,
+	)
+	if err != nil {
+		response.Status = runtimehooksv1.ResponseStatusFailure
+		response.Message = err.Error()
+	}
+}
+
+func applyCNIResourcesForDelete(
+	ctx context.Context,
+	addonProvider AddonProvider,
+	cluster *v1beta1.Cluster,
+	genericResourcesClient *k8sclient.GenericResourcesClient,
+) error {
+	var (
+		err  error
+		objs []unstructured.Unstructured
+	)
+	switch addonProvider {
+	case ClusterResourceSetAddonProvider:
+		// Nothing to do.
+	case FluxHelmReleaseAddonProvider:
+		objs, err = fluxhelmrelease.CNIPatchesForClusterDelete(cluster)
+	default:
+		err = fmt.Errorf("unsupported provider: %q", addonProvider)
+	}
+	if err != nil {
+		return err
+	}
+
+	return genericResourcesClient.Apply(ctx, objs...)
 }
 
-func applyCNICRS(
+func applyCNIResources(
 	ctx context.Context,
 	addonProvider AddonProvider,
 	cluster *v1beta1.Cluster,
