Delete NamespaceRegistration with Real Phase (#217)

* fix delete namespaceregistration (run-int-tests) * fix delete namespaceregistration (run-int-tests) * fix delete namespaceregistration (run-int-tests) * fix delete namespaceregistration (run-int-tests) * fix delete namespaceregistration (run-int-tests) * real phase and last error for namespaceregistration (run-int-tests) * real phase and last error for namespaceregistration (run-int-tests) * real phase and last error for namespaceregistration (run-int-tests) * fix namespaceregistration (run-int-tests) * fix namespaceregistration (run-int-tests) * fix namespaceregistration (run-int-tests) * Phase constants * Error reasons * fix namespaceregistration (run-int-tests) * Requeue duration * Handle invalid name * Requeuing in unit test * Formatting (run-int-tests) * Deletion strategies * fix namespaceregistration (run-int-tests) * fix namespaceregistration (run-int-tests) * fix namespaceregistration (run-int-tests) * fix namespaceregistration * Constant for deletion strategy * Docu (run-int-tests) * Unit tests (run-int-tests) * Unit tests (run-int-tests) * Unit tests (run-int-tests) --------- Co-authored-by: Robert Graeff <[email protected]>
gardener · Sep 15, 2023 · 214d982 · 214d982
1 parent 36a8328
commit 214d982
Show file tree

Hide file tree

Showing 42 changed files with 1,402 additions and 99 deletions.
diff --git a/Makefile b/Makefile
@@ -26,7 +26,10 @@ format:
 	@$(REPO_ROOT)/hack/format.sh $(REPO_ROOT)/pkg $(REPO_ROOT)/cmd $(REPO_ROOT)/hack $(REPO_ROOT)/test $(REPO_ROOT)/integration-test/pkg
 
 .PHONY: check
-check: revendor
+check: revendor check-fast
+
+.PHONY: check-fast
+check-fast:
 	@$(REPO_ROOT)/hack/check.sh --golangci-lint-config=./.golangci.yaml $(REPO_ROOT)/cmd/... $(REPO_ROOT)/pkg/... $(REPO_ROOT)/hack/... $(REPO_ROOT)/test/...
 	@cd $(REPO_ROOT)/integration-test && $(REPO_ROOT)/hack/check.sh --golangci-lint-config=$(REPO_ROOT)/.golangci.yaml ./pkg/...
 

diff --git a/docs/architecture/architecture.md b/docs/architecture/architecture.md
@@ -248,21 +248,8 @@ The following image gives a more detailed descriptions of the involved roles, cl
 #### Controlling Customer Namespaces on the Resource-Shoot-Cluster
 
 A user, with access to the Resource-Shoot-Cluster as described before, is only allowed to create Landscaper resources 
-like Installations, Targets etc. in so-called customer namespaces. A customer namespace is a normal namespace on the
-Resource-Shoot-Cluster with a name starting with the prefix *cu-*. 
-
-To create such a namespace the user must create a 
-*[namespaceRegistration](../../pkg/apis/core/v1alpha1/types_namespaceregistration.go)* object in the namespace ls-user
-with the same name as the namespace. The following manifest for example would create a customer namespace *cu-test*:
-
-```yaml
-apiVersion: landscaper-service.gardener.cloud/v1alpha1
-kind: NamespaceRegistration
-metadata:
-  name: cu-test
-  namespace: ls-user
-spec: {}
-```
+like Installations, Targets etc. in so-called customer namespaces. More about customer namespaces could be found
+[here](../usage/Namespaceregistration.md)
 
 The controllers of ls-service-target-shoot-sidecar-server automatically creates the required roles, role-bindings etc. 
 for all entries in the `SubjectList` *subjects* in every newly created customer namespace (see the details in the image 

diff --git a/docs/usage/Namespaceregistration.md b/docs/usage/Namespaceregistration.md
@@ -0,0 +1,87 @@
+# NamespaceRegistrations
+
+A user, with access to the Resource-Shoot-Cluster as described before, is only allowed to create Landscaper resources
+like Installations, Targets etc. in so-called customer namespaces. A customer namespace is a normal namespace on the
+Resource-Shoot-Cluster with a name starting with the prefix `cu-`.
+
+## Creating a Customer Namespace
+
+To create such a customer namespace the user must create a
+*[NamespaceRegistration](../../pkg/apis/core/v1alpha1/types_namespaceregistration.go)* object in the namespace `ls-user`
+with the same name as the namespace. The following manifest for example would create a customer namespace `cu-test`:
+
+```yaml
+apiVersion: landscaper-service.gardener.cloud/v1alpha1
+kind: NamespaceRegistration
+metadata:
+  name: cu-test
+  namespace: ls-user
+spec: {}
+```
+
+When the creation of a customer namespace starts, the status of the `NamespaceRegistration` looks as follows:
+
+```yaml
+status:
+  phase: Creating
+```
+
+If the creation of a customer namespace was successful, the status of the `NamespaceRegistration` looks as follows:
+
+```yaml
+status:
+  phase: Completed
+```
+
+If the creation of a customer namespace fails, the status of the `NamespaceRegistration` looks as follows:
+
+```yaml
+status:
+  phase: Failed
+```
+
+In case of an error, you find the last error also in the status section: 
+
+```yaml
+status:
+  lastError: ...
+```
+
+If during the namespace creation a potentially sporadic error occurs, the creation operation is retried after 30 seconds. 
+
+## Deleting NamespaceRegistrations
+
+When deleting a `NamespaceRegistration` the corresponding namespace is deleted. There are three different deletion 
+strategies depending on the annotation `landscaper-service.gardener.cloud/on-delete-strategy` of the `NamespaceRegistration`:
+
+- **No annotation (default strategy)**:
+  - All root Installations with a "delete-without-uninstall" annotation 
+    ([see](https://github.com/gardener/landscaper/blob/master/docs/usage/Annotations.md#delete-without-uninstall-annotation))
+    are deleted.
+  - As long as there are still Installations in the namespace, the namespace is not deleted and this is written
+    into the field `status.lastError` of the `NamespaceRegistration`. This also means, if there are still installations 
+    without a "delete-without-uninstall" annotation, these have to be deleted by the customer itself.
+  - Is there are no Installations in the namespace anymore, all other resources in that namespace are removed and 
+    subsequently the namespace is deleted. If the customer has created resources with a custom finalizer, these have to be
+    removed before deleting a `NamespaceRegistration`. Otherwise, the final deletion might fail and requires manual
+    intervention. It is anyhow no good idea and should be prevented to create resources with custom finalizers in
+    a customer namespace.
+  - If something fails or installations are still in the namespace, the deletion is retried every 30 seconds.
+  - When the namespace has been deleted, the finalizer of the `NamespaceRegistration` is removed.
+
+- **Annotation "landscaper-service.gardener.cloud/on-delete-strategy=delete-all-installations"**:
+  - Same as the default strategy, but all root installations are deleted instead of only those with a  
+    "delete-without-uninstall" annotation.
+
+- **Annotation "landscaper-service.gardener.cloud/on-delete-strategy=delete-all-installations-without-uninstall"**:
+  - Same as the default strategy, but in a first step all root installations are annotated with the 
+    "delete-without-uninstall" annotation.
+
+When the deletion started, the status of the `NamespaceRegistration` looks as follows:
+
+```yaml
+status:
+  phase: Deleting
+```
+
+Potential problems are again stored in the field `status.lastError`. 
diff --git a/hack/setup-testenv.sh b/hack/setup-testenv.sh
@@ -30,7 +30,7 @@ ln -s "${KUBEBUILDER_ASSETS}" ${PROJECT_ROOT}/tmp/test/bin
 LANDSCAPER_APIS_VERSION=$(go list -m -mod=readonly -f {{.Version}}  github.com/gardener/landscaper/apis)
 LANDSCAPER_CRD_URL="https://raw.githubusercontent.com/gardener/landscaper/${LANDSCAPER_APIS_VERSION}/pkg/landscaper/crdmanager/crdresources"
 LANDSCAPER_CRD_DIR="${PROJECT_ROOT}/tmp/landscapercrd"
-LANDSCAPER_CRDS="landscaper.gardener.cloud_installations.yaml landscaper.gardener.cloud_targets.yaml landscaper.gardener.cloud_dataobjects.yaml landscaper.gardener.cloud_contexts.yaml landscaper.gardener.cloud_lshealthchecks.yaml"
+LANDSCAPER_CRDS="landscaper.gardener.cloud_installations.yaml landscaper.gardener.cloud_executions.yaml landscaper.gardener.cloud_deployitems.yaml landscaper.gardener.cloud_targetsyncs.yaml landscaper.gardener.cloud_targets.yaml landscaper.gardener.cloud_dataobjects.yaml landscaper.gardener.cloud_contexts.yaml landscaper.gardener.cloud_lshealthchecks.yaml"
 mkdir -p ${PROJECT_ROOT}/tmp/landscapercrd
 
 for crd in $LANDSCAPER_CRDS; do

diff --git a/...endor/github.com/gardener/landscaper-service/pkg/apis/core/types_namespaceregistration.go b/...endor/github.com/gardener/landscaper-service/pkg/apis/core/types_namespaceregistration.go
diff --git a/...on-test/vendor/github.com/gardener/landscaper-service/pkg/apis/core/v1alpha1/constants.go b/...on-test/vendor/github.com/gardener/landscaper-service/pkg/apis/core/v1alpha1/constants.go
diff --git a/...hub.com/gardener/landscaper-service/pkg/apis/core/v1alpha1/types_namespaceregistration.go b/...hub.com/gardener/landscaper-service/pkg/apis/core/v1alpha1/types_namespaceregistration.go
diff --git a/.../github.com/gardener/landscaper-service/pkg/apis/core/v1alpha1/zz_generated.conversion.go b/.../github.com/gardener/landscaper-service/pkg/apis/core/v1alpha1/zz_generated.conversion.go
diff --git a/...or/github.com/gardener/landscaper-service/pkg/apis/core/v1alpha1/zz_generated.deepcopy.go b/...or/github.com/gardener/landscaper-service/pkg/apis/core/v1alpha1/zz_generated.deepcopy.go
diff --git a/...test/vendor/github.com/gardener/landscaper-service/pkg/apis/core/zz_generated.deepcopy.go b/...test/vendor/github.com/gardener/landscaper-service/pkg/apis/core/zz_generated.deepcopy.go
diff --git a/integration-test/vendor/github.com/gardener/landscaper-service/pkg/utils/utils.go b/integration-test/vendor/github.com/gardener/landscaper-service/pkg/utils/utils.go
diff --git a/pkg/apis/.schemes/core-v1alpha1-NamespaceRegistration.json b/pkg/apis/.schemes/core-v1alpha1-NamespaceRegistration.json
@@ -1,6 +1,44 @@
 {
   "$schema": "https://json-schema.org/draft-07/schema#",
   "definitions": {
+    "core-v1alpha1-Error": {
+      "description": "Error holds information about an error that occurred.",
+      "type": "object",
+      "required": [
+        "operation",
+        "lastTransitionTime",
+        "lastUpdateTime",
+        "reason",
+        "message"
+      ],
+      "properties": {
+        "lastTransitionTime": {
+          "description": "Last time the condition transitioned from one status to another.",
+          "default": {},
+          "$ref": "#/definitions/meta-v1-Time"
+        },
+        "lastUpdateTime": {
+          "description": "Last time the condition was updated.",
+          "default": {},
+          "$ref": "#/definitions/meta-v1-Time"
+        },
+        "message": {
+          "description": "A human-readable message indicating details about the transition.",
+          "type": "string",
+          "default": ""
+        },
+        "operation": {
+          "description": "Operation describes the operator where the error occurred.",
+          "type": "string",
+          "default": ""
+        },
+        "reason": {
+          "description": "The reason for the condition's last transition.",
+          "type": "string",
+          "default": ""
+        }
+      }
+    },
     "core-v1alpha1-NamespaceRegistrationSpec": {
       "type": "object"
     },
@@ -10,6 +48,9 @@
         "phase"
       ],
       "properties": {
+        "lastError": {
+          "$ref": "#/definitions/core-v1alpha1-Error"
+        },
         "phase": {
           "type": "string",
           "default": ""

diff --git a/pkg/apis/core/types_namespaceregistration.go b/pkg/apis/core/types_namespaceregistration.go
@@ -34,6 +34,8 @@ type NamespaceRegistration struct {
 
 type NamespaceRegistrationStatus struct {
 	Phase string `json:"phase"`
+	// +optional
+	LastError *Error `json:"lastError,omitempty"`
 }
 
 type NamespaceRegistrationSpec struct {

diff --git a/pkg/apis/core/v1alpha1/constants.go b/pkg/apis/core/v1alpha1/constants.go
@@ -19,4 +19,8 @@ const (
 	// When set at landscaper deployments, the annotation will be inherited to the corresponding instance
 	// and prevents its reconciliation until removed.
 	LandscaperServiceOperationIgnore = "ignore"
+
+	LandscaperServiceOnDeleteStrategyAnnotation                             = "landscaper-service.gardener.cloud/on-delete-strategy"
+	LandscaperServiceOnDeleteStrategyDeleteAllInstallations                 = "delete-all-installations"
+	LandscaperServiceOnDeleteStrategyDeleteAllInstallationsWithoutUninstall = "delete-all-installations-without-uninstall"
 )
diff --git a/pkg/apis/core/v1alpha1/types_namespaceregistration.go b/pkg/apis/core/v1alpha1/types_namespaceregistration.go
@@ -35,6 +35,8 @@ type NamespaceRegistration struct {
 
 type NamespaceRegistrationStatus struct {
 	Phase string `json:"phase"`
+	// +optional
+	LastError *Error `json:"lastError,omitempty"`
 }
 
 type NamespaceRegistrationSpec struct {

diff --git a/pkg/apis/core/v1alpha1/zz_generated.conversion.go b/pkg/apis/core/v1alpha1/zz_generated.conversion.go
diff --git a/pkg/apis/core/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/core/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/apis/core/zz_generated.deepcopy.go b/pkg/apis/core/zz_generated.deepcopy.go