feat: delete Services type LoadBalancer on BeforeClusterDelete (#29)

Fixes #4

Automatically delete workload cluster Services with type `LoadBalancers`
before deleting the cluster.

It checks for certain conditions on the Cluster object if Services
should be deleted.
It's also possible to disable this behavior by adding an annotation
`capi-runtime-extensions.d2iq-labs.com/loadbalancer-gc` to the Cluster
object.

---------

Signed-off-by: Dimitri Koshkin <[email protected]>
Co-authored-by: Jimmi Dyson <[email protected]>

Author: dkoshkin

go.mod

@@ -12,6 +12,7 @@ require (
 	github.com/onsi/ginkgo/v2 v2.8.1
 	github.com/onsi/gomega v1.26.0
 	github.com/spf13/pflag v1.0.5
+	github.com/stretchr/testify v1.8.0
 	golang.org/x/sync v0.1.0
 	k8s.io/apimachinery v0.25.6
 	k8s.io/component-base v0.25.6
@@ -21,9 +22,11 @@ require (
 )
 
 require (
+	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/fluxcd/pkg/apis/acl v0.1.0 // indirect
 	github.com/fluxcd/pkg/apis/kustomize v0.7.0 // indirect
 	github.com/go-logr/zapr v1.2.3 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.21.0 // indirect

go.sum

@@ -97,6 +97,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.m
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
+github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
 github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=

pkg/constants/constants.go

@@ -0,0 +1,8 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package constants
+
+const (
+	LoadBalancerGCAnnotation = "labs.d2iq.io/loadbalancer-gc"
+)

pkg/handlers/lifecycle/handlers.go

@@ -7,6 +7,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -19,6 +20,7 @@ import (
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/addons/clusterresourcesets"
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/addons/fluxhelmrelease"
 	k8sclient "github.com/d2iq-labs/capi-runtime-extensions/pkg/k8s/client"
+	"github.com/d2iq-labs/capi-runtime-extensions/pkg/k8s/deleter"
 )
 
 type AddonProvider string
@@ -50,7 +52,12 @@ func (m *ExtensionHandlers) DoBeforeClusterCreate(
 	request *runtimehooksv1.BeforeClusterCreateRequest,
 	response *runtimehooksv1.BeforeClusterCreateResponse,
 ) {
-	log := ctrl.LoggerFrom(ctx)
+	log := ctrl.LoggerFrom(ctx).WithValues(
+		"Cluster",
+		request.Cluster.GetName(),
+		"Namespace",
+		request.Cluster.GetNamespace(),
+	)
 	log.Info("BeforeClusterCreate is called")
 }
 
@@ -59,7 +66,12 @@ func (m *ExtensionHandlers) DoAfterControlPlaneInitialized(
 	request *runtimehooksv1.AfterControlPlaneInitializedRequest,
 	response *runtimehooksv1.AfterControlPlaneInitializedResponse,
 ) {
-	log := ctrl.LoggerFrom(ctx)
+	log := ctrl.LoggerFrom(ctx).WithValues(
+		"Cluster",
+		request.Cluster.GetName(),
+		"Namespace",
+		request.Cluster.GetNamespace(),
+	)
 	log.Info("AfterControlPlaneInitialized is called")
 
 	genericResourcesClient := k8sclient.NewGenericResourcesClient(m.client, log)
@@ -82,7 +94,12 @@ func (m *ExtensionHandlers) DoBeforeClusterUpgrade(
 	request *runtimehooksv1.BeforeClusterUpgradeRequest,
 	response *runtimehooksv1.BeforeClusterUpgradeResponse,
 ) {
-	log := ctrl.LoggerFrom(ctx)
+	log := ctrl.LoggerFrom(ctx).WithValues(
+		"Cluster",
+		request.Cluster.GetName(),
+		"Namespace",
+		request.Cluster.GetNamespace(),
+	)
 	log.Info("BeforeClusterUpgrade is called")
 }
 
@@ -91,7 +108,12 @@ func (m *ExtensionHandlers) DoBeforeClusterDelete(
 	request *runtimehooksv1.BeforeClusterDeleteRequest,
 	response *runtimehooksv1.BeforeClusterDeleteResponse,
 ) {
-	log := ctrl.LoggerFrom(ctx)
+	log := ctrl.LoggerFrom(ctx).WithValues(
+		"Cluster",
+		request.Cluster.GetName(),
+		"Namespace",
+		request.Cluster.GetNamespace(),
+	)
 	log.Info("BeforeClusterDelete is called")
 
 	genericResourcesClient := k8sclient.NewGenericResourcesClient(m.client, log)
@@ -106,6 +128,14 @@ func (m *ExtensionHandlers) DoBeforeClusterDelete(
 		response.Status = runtimehooksv1.ResponseStatusFailure
 		response.Message = err.Error()
 	}
+
+	// Delete Services of type LoadBalancer in the Cluster
+	// Skip if annotation capi-runtime-extensions.d2iq-labs.com/loadbalancer-gc=false
+	err = deleteServiceLoadBalancers(ctx, log, &request.Cluster, m.client)
+	if err != nil {
+		response.Status = runtimehooksv1.ResponseStatusFailure
+		response.Message = err.Error()
+	}
 }
 
 func applyCNIResourcesForDelete(
@@ -181,3 +211,40 @@ func applyCNIResources(
 
 	return genericResourcesClient.Apply(ctx, objs...)
 }
+
+func deleteServiceLoadBalancers(
+	ctx context.Context,
+	log logr.Logger,
+	cluster *v1beta1.Cluster,
+	c ctrlclient.Client,
+) error {
+	shouldDelete, err := deleter.ShouldDeleteServicesWithLoadBalancer(cluster)
+	if err != nil {
+		return fmt.Errorf(
+			"error determining if Services of type LoadBalancer should be deleted: %w",
+			err,
+		)
+	}
+	if !shouldDelete {
+		return nil
+	}
+
+	log.Info("Will attempt to delete Services with type LoadBalancer")
+	remoteClient, err := remote.NewClusterClient(
+		ctx,
+		"",
+		c,
+		ctrlclient.ObjectKeyFromObject(cluster),
+	)
+	if err != nil {
+		return err
+	}
+
+	dltr := deleter.New(log, cluster, remoteClient)
+	err = dltr.DeleteServicesWithLoadBalancer(ctx)
+	if err != nil {
+		return fmt.Errorf("error deleting Services of type LoadBalancer: %v", err)
+	}
+
+	return nil
+}

pkg/k8s/annotations/annotations.go

@@ -0,0 +1,13 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package annotations
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// Get will get the value of the supplied annotation.
+func Get(obj metav1.Object, name string) (string, bool) {
+	annotations := obj.GetAnnotations()
+	val, found := annotations[name]
+	return val, found
+}

pkg/k8s/deleter/deleter.go

@@ -0,0 +1,185 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package deleter
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/go-logr/logr"
+	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/wait"
+	"sigs.k8s.io/cluster-api/api/v1beta1"
+	"sigs.k8s.io/cluster-api/util/conditions"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/d2iq-labs/capi-runtime-extensions/pkg/constants"
+	"github.com/d2iq-labs/capi-runtime-extensions/pkg/k8s/annotations"
+)
+
+var ErrFailedToDeleteService = errors.New("kubernetes Services deletion failed")
+
+type Deleter struct {
+	cluster *v1beta1.Cluster
+	client  client.Client
+	log     logr.Logger
+}
+
+type objectMetaList []metav1.ObjectMeta
+
+func (ol objectMetaList) asCommaSeparatedString() string {
+	names := make([]string, 0, len(ol))
+	for n := range ol {
+		obj := ol[n]
+		names = append(names, fmt.Sprintf("%s/%s", obj.Namespace, obj.Name))
+	}
+	return strings.Join(names, ", ")
+}
+
+func New(log logr.Logger, cluster *v1beta1.Cluster, remoteClient client.Client) Deleter {
+	return Deleter{
+		cluster: cluster,
+		client:  remoteClient,
+		log:     log,
+	}
+}
+
+func (d *Deleter) DeleteServicesWithLoadBalancer(ctx context.Context) error {
+	return deleteServicesWithLoadBalancer(ctx, d.client, d.log)
+}
+
+func deleteServicesWithLoadBalancer(
+	ctx context.Context,
+	c client.Client,
+	log logr.Logger,
+) error {
+	log.Info("Listing Services with type LoadBalancer")
+	services := &corev1.ServiceList{}
+	err := c.List(ctx, services)
+	if err != nil {
+		return fmt.Errorf("error listing Services: %w", err)
+	}
+
+	var svcsFailedToBeDeleted objectMetaList
+	for i := range services.Items {
+		svc := &services.Items[i]
+		if needsDelete(svc) {
+			log.Info(fmt.Sprintf("Deleting Service %s/%s", svc.Namespace, svc.Name))
+			if err = c.Delete(ctx, svc); client.IgnoreNotFound(err) != nil {
+				log.Error(
+					err,
+					fmt.Sprintf(
+						"Error deleting Service %s/%s",
+						svc.Namespace,
+						svc.Name,
+					),
+				)
+				svcsFailedToBeDeleted = append(svcsFailedToBeDeleted, svc.ObjectMeta)
+				continue
+			}
+			if err = waitForServiceDeletion(ctx, c, svc); err != nil {
+				log.Error(
+					err,
+					fmt.Sprintf(
+						"Error waiting for Service to be deleted %s/%s",
+						svc.Namespace,
+						svc.Name,
+					),
+				)
+				svcsFailedToBeDeleted = append(svcsFailedToBeDeleted, svc.ObjectMeta)
+			}
+		}
+	}
+	if len(svcsFailedToBeDeleted) > 0 {
+		return failedToDeleteServicesError(svcsFailedToBeDeleted)
+	}
+
+	return nil
+}
+
+// needsDelete will return true if the Service needs to be deleted to allow for cluster cleanup.
+func needsDelete(service *corev1.Service) bool {
+	if service.Spec.Type != corev1.ServiceTypeLoadBalancer ||
+		len(service.Status.LoadBalancer.Ingress) == 0 {
+		return false
+	}
+	return service.Status.LoadBalancer.Ingress[0].IP != "" ||
+		service.Status.LoadBalancer.Ingress[0].Hostname != ""
+}
+
+func waitForServiceDeletion(
+	ctx context.Context,
+	c client.Client,
+	service *corev1.Service,
+) error {
+	backoff := wait.Backoff{
+		Duration: 1 * time.Second,
+		Factor:   1.5,
+		Jitter:   0,
+		Steps:    13,
+	}
+	return wait.ExponentialBackoff(backoff, func() (bool, error) {
+		key := client.ObjectKey{
+			Namespace: service.Namespace,
+			Name:      service.Name,
+		}
+		err := c.Get(ctx, key, service)
+		if err != nil {
+			if apierrors.IsNotFound(err) {
+				return true, nil
+			}
+			return false, err
+		}
+		return false, nil
+	})
+}
+
+func failedToDeleteServicesError(svcsFailedToBeDeleted objectMetaList) error {
+	return fmt.Errorf("%w: the following Services could not be deleted "+
+		"and must cleaned up manually before deleting the cluster: %s",
+		ErrFailedToDeleteService,
+		svcsFailedToBeDeleted.asCommaSeparatedString(),
+	)
+}
+
+func ShouldDeleteServicesWithLoadBalancer(cluster *v1beta1.Cluster) (bool, error) {
+	// use the Cluster annotations to skip deleting
+	val, found := annotations.Get(cluster, constants.LoadBalancerGCAnnotation)
+	if !found {
+		val = "true"
+	}
+	shouldDeleteBasedOnAnnotation, err := strconv.ParseBool(val)
+	if err != nil {
+		return false, fmt.Errorf(
+			"converting value %s of annotation %s to bool: %w",
+			val,
+			constants.LoadBalancerGCAnnotation,
+			err,
+		)
+	}
+
+	// use the Cluster phase to determine if it's safe to skip deleting
+	//
+	// when ClusterPhasePending or ClusterPhaseProvisioning Kubernetes API has not been created
+	// and the user would not have been able to create any Kubernetes resources that would prevent cleanup
+	//nolint:lll // long URL cannot be split up
+	// https://github.com/kubernetes-sigs/cluster-api/blob/7f879be68d15737e335b6cb39d380d1d163e06e6/controllers/cluster_controller_phases.go#L44-L50
+	//
+	// when ClusterPhaseDeleting it's too late to try to cleanup
+	phase := cluster.Status.GetTypedPhase()
+	skipDeleteBasedOnPhase := phase == v1beta1.ClusterPhasePending ||
+		phase == v1beta1.ClusterPhaseProvisioning ||
+		phase == v1beta1.ClusterPhaseDeleting
+
+	// use the Cluster conditions to determine if the API server is even reachable
+	controlPlaneReachable := conditions.IsTrue(cluster, v1beta1.ControlPlaneInitializedCondition)
+
+	return shouldDeleteBasedOnAnnotation && controlPlaneReachable && !skipDeleteBasedOnPhase, nil
+}