From a1ee4142f9f55accb2d561e36db0bc31eb467502 Mon Sep 17 00:00:00 2001
From: Rui Fu
Date: Tue, 24 Oct 2023 16:37:56 +0800
Subject: [PATCH 1/3] fix permission for cleanup on OLM installation
---
 config/rbac/role.yaml | 24 ++++++++++++++++++++++++
 controllers/function_controller.go | 2 ++
 controllers/sink_controller.go | 3 +++
 controllers/source_controller.go | 3 +++
 4 files changed, 32 insertions(+)
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index d35761a72..aa94960e2 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -163,6 +163,30 @@ rules:
 - get
 - list
 - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
 - apiGroups:
 - ""
 resources:
diff --git a/controllers/function_controller.go b/controllers/function_controller.go
index d6f09e1b4..5b390ba34 100644
--- a/controllers/function_controller.go
+++ b/controllers/function_controller.go
@@ -59,6 +59,8 @@ type FunctionReconciler struct {
 // +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;watch;create;update;delete
 // +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=core,resources=pods/exec,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=autoscaling,resources=horizontalpodautoscalers,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=autoscaling.k8s.io,resources=verticalpodautoscalers,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;create;update;delete
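Review bot: The two added markers grant the operator every verb on `pods` and on `pods/exec`, which is much wider than a cleanup fix appears to need. `pods/exec` lets the holder run commands inside any pod the role covers, and as far as I know only `create` (and `get` for some clients) has any effect on that subresource, so `delete`, `list`, `patch`, `update` and `watch` add noise without adding function. None of the code visible in this series calls exec or touches pods directly, so I would narrow the second marker to `// +kubebuilder:rbac:groups=core,resources=pods/exec,verbs=create`, trim `pods` to the verbs actually used, and add a comment naming the caller that needs them. The same two markers are added in sink_controller.go and source_controller.go, and the new rules in config/rbac/role.yaml mirror them.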
diff --git a/controllers/sink_controller.go b/controllers/sink_controller.go
index 348105a64..3c2718c4b 100644
--- a/controllers/sink_controller.go
+++ b/controllers/sink_controller.go
@@ -58,6 +58,9 @@ type SinkReconciler struct {
 // +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;watch;create;update;delete
 // +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=core,resources=pods/exec,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=autoscaling,resources=horizontalpodautoscalers,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=autoscaling.k8s.io,resources=verticalpodautoscalers,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;create;update;delete
diff --git a/controllers/source_controller.go b/controllers/source_controller.go
index a2d7dfcce..461e3146f 100644
--- a/controllers/source_controller.go
+++ b/controllers/source_controller.go
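Review bot: The added `secrets` marker is not covered by the commit subject, which is about cleanup permissions, yet it declares that the sink reconciler needs full write access to Secrets. The role.yaml change in this patch adds no secrets rule, so the generated role presumably already carried it from the function controller's marker and the effective grant may not change; the marker should still state what this reconciler actually uses. If the sink controller only reads referenced secrets, `// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch` would document that without implying create or delete. source_controller.go adds the same line.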
@@ -57,6 +57,9 @@ type SourceReconciler struct { // +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;watch;create;update;delete // +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core,resources=pods/exec,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=autoscaling,resources=horizontalpodautoscalers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=autoscaling.k8s.io,resources=verticalpodautoscalers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;create;update;delete From 5f675736a3105e6792d4b2bdb9ce0dfc3594d099 Mon Sep 17 00:00:00 2001 From: Rui Fu Date: Tue, 24 Oct 2023 17:30:31 +0800 Subject: [PATCH 2/3] address child pods are preserved by default when jobs are deleted warning --- controllers/function.go | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/controllers/function.go b/controllers/function.go index b2bb238bc..2831e245d 100644 --- a/controllers/function.go +++ b/controllers/function.go @@ -20,6 +20,8 @@ package controllers import ( "context" + "sigs.k8s.io/controller-runtime/pkg/client" + autoscalingv2beta2 "k8s.io/api/autoscaling/v2beta2" "github.com/streamnative/function-mesh/api/compute/v1alpha1" 
@@ -334,6 +336,10 @@ func (r *FunctionReconciler) ApplyFunctionVPA(ctx context.Context, function *v1a } func (r *FunctionReconciler) ApplyFunctionCleanUpJob(ctx context.Context, function *v1alpha1.Function) error { + backgroundDeletion := metav1.DeletePropagationBackground + var deleteOptions client.DeleteOption = &client.DeleteOptions{ + PropagationPolicy: &backgroundDeletion, + } if !spec.NeedCleanup(function) { desiredJob := spec.MakeFunctionCleanUpJob(function) if err := r.Delete(ctx, desiredJob); err != nil { @@ -380,7 +386,7 @@ func (r *FunctionReconciler) ApplyFunctionCleanUpJob(ctx context.Context, functi } } else { // delete the cleanup job - if err := r.Delete(ctx, desiredJob); err != nil { + if err := r.Delete(ctx, desiredJob, deleteOptions); err != nil { return err } } @@ -395,10 +401,9 @@ func (r *FunctionReconciler) ApplyFunctionCleanUpJob(ctx context.Context, functi desiredJob := spec.MakeFunctionCleanUpJob(function) // delete the cleanup job - if err := r.Delete(ctx, desiredJob); err != nil { + if err := r.Delete(ctx, desiredJob, deleteOptions); err != nil { return err } - } } return nil From dd128d66b346c9f3c73823d8288ff2e847c1176f Mon Sep 17 00:00:00 2001 From: Rui Fu Date: Tue, 24 Oct 2023 17:44:00 +0800 Subject: [PATCH 3/3] address getBackgroundDeletionPolicy() to all controllers --- controllers/common.go | 8 ++++++++ controllers/function.go | 12 +++--------- controllers/sink.go | 6 +++--- controllers/source.go | 6 +++--- 4 files changed, 17 insertions(+), 15 deletions(-) diff --git a/controllers/common.go b/controllers/common.go index 17df619e6..9ee47e8a3 100644 --- a/controllers/common.go +++ b/controllers/common.go 
@@ -336,3 +336,11 @@ func ConvertHPAV2ToV2beta2(hpa *autov2.HorizontalPodAutoscaler) *autoscalingv2be return result } + +func getBackgroundDeletionPolicy() client.DeleteOption { + backgroundDeletion := metav1.DeletePropagationBackground + var deleteOptions client.DeleteOption = &client.DeleteOptions{ + PropagationPolicy: &backgroundDeletion, + } + return deleteOptions +} diff --git a/controllers/function.go b/controllers/function.go index 2831e245d..0baeb716e 100644 --- a/controllers/function.go +++ b/controllers/function.go @@ -20,8 +20,6 @@ package controllers import ( "context" - "sigs.k8s.io/controller-runtime/pkg/client" - autoscalingv2beta2 "k8s.io/api/autoscaling/v2beta2" "github.com/streamnative/function-mesh/api/compute/v1alpha1" @@ -336,13 +334,9 @@ func (r *FunctionReconciler) ApplyFunctionVPA(ctx context.Context, function *v1a } func (r *FunctionReconciler) ApplyFunctionCleanUpJob(ctx context.Context, function *v1alpha1.Function) error { - backgroundDeletion := metav1.DeletePropagationBackground - var deleteOptions client.DeleteOption = &client.DeleteOptions{ - PropagationPolicy: &backgroundDeletion, - } if !spec.NeedCleanup(function) { desiredJob := spec.MakeFunctionCleanUpJob(function) - if err := r.Delete(ctx, desiredJob); err != nil { + if err := r.Delete(ctx, desiredJob, getBackgroundDeletionPolicy()); err != nil { if errors.IsNotFound(err) { return nil } @@ -386,7 +380,7 @@ func (r *FunctionReconciler) ApplyFunctionCleanUpJob(ctx context.Context, functi } } else { // delete the cleanup job - if err := r.Delete(ctx, desiredJob, deleteOptions); err != nil { + if err := r.Delete(ctx, desiredJob, getBackgroundDeletionPolicy()); err != nil { return err } } 
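Review bot: `getBackgroundDeletionPolicy` in common.go has no doc comment, and the reason for forcing background propagation is only recoverable from the previous commit's subject. I would add `// getBackgroundDeletionPolicy returns a delete option that removes a Job's child pods in the background instead of preserving them.` above it. The body can also shrink to `return client.PropagationPolicy(metav1.DeletePropagationBackground)`, which controller-runtime already provides as a `DeleteOption`, and a name without the `get` prefix reads more like Go.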
@@ -401,7 +395,7 @@ func (r *FunctionReconciler) ApplyFunctionCleanUpJob(ctx context.Context, functi
 desiredJob := spec.MakeFunctionCleanUpJob(function)
 // delete the cleanup job
- if err := r.Delete(ctx, desiredJob, deleteOptions); err != nil {
+ if err := r.Delete(ctx, desiredJob, getBackgroundDeletionPolicy()); err != nil {
 return err
 }
 }
diff --git a/controllers/sink.go b/controllers/sink.go
index 5686d0714..874e9abde 100644
--- a/controllers/sink.go
+++ b/controllers/sink.go
@@ -332,7 +332,7 @@ func (r *SinkReconciler) ApplySinkVPA(ctx context.Context, sink *v1alpha1.Sink)
 func (r *SinkReconciler) ApplySinkCleanUpJob(ctx context.Context, sink *v1alpha1.Sink) error {
 if !spec.NeedCleanup(sink) {
 desiredJob := spec.MakeSinkCleanUpJob(sink)
- if err := r.Delete(ctx, desiredJob); err != nil {
+ if err := r.Delete(ctx, desiredJob, getBackgroundDeletionPolicy()); err != nil {
 if errors.IsNotFound(err) {
 return nil
 }
@@ -376,7 +376,7 @@ func (r *SinkReconciler) ApplySinkCleanUpJob(ctx context.Context, sink *v1alpha1
 }
 } else {
 // delete the cleanup job
- if err := r.Delete(ctx, desiredJob); err != nil {
+ if err := r.Delete(ctx, desiredJob, getBackgroundDeletionPolicy()); err != nil {
 return err
 }
 }
@@ -391,7 +391,7 @@ func (r *SinkReconciler) ApplySinkCleanUpJob(ctx context.Context, sink *v1alpha1
 desiredJob := spec.MakeSinkCleanUpJob(sink)
 // delete the cleanup job
- if err := r.Delete(ctx, desiredJob); err != nil {
+ if err := r.Delete(ctx, desiredJob, getBackgroundDeletionPolicy()); err != nil {
 return err
 }
diff --git a/controllers/source.go b/controllers/source.go
index d4f5940c0..eddcba3dc 100644
--- a/controllers/source.go
+++ b/controllers/source.go
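Review bot: This delete returns every error, including NotFound, while the first branch of the same function (the `!spec.NeedCleanup` path) treats NotFound as success. If the cleanup job has already been removed by an earlier reconcile or by a user, the reconcile would fail here; unless code outside the hunk guarantees the job still exists, I would write `if err := r.Delete(ctx, desiredJob, getBackgroundDeletionPolicy()); err != nil && !errors.IsNotFound(err) {`. The same pattern appears at the other `// delete the cleanup job` sites in function.go, sink.go and source.go. ApplyFunctionCleanUpJob starts and ends outside this hunk.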
@@ -334,7 +334,7 @@ func (r *SourceReconciler) ApplySourceVPA(ctx context.Context, source *v1alpha1.
 func (r *SourceReconciler) ApplySourceCleanUpJob(ctx context.Context, source *v1alpha1.Source) error {
 if !spec.NeedCleanup(source) {
 desiredJob := spec.MakeSourceCleanUpJob(source)
- if err := r.Delete(ctx, desiredJob); err != nil {
+ if err := r.Delete(ctx, desiredJob, getBackgroundDeletionPolicy()); err != nil {
 if errors.IsNotFound(err) {
 return nil
 }
@@ -378,7 +378,7 @@ func (r *SourceReconciler) ApplySourceCleanUpJob(ctx context.Context, source *v1
 }
 } else {
 // delete the cleanup job
- if err := r.Delete(ctx, desiredJob); err != nil {
+ if err := r.Delete(ctx, desiredJob, getBackgroundDeletionPolicy()); err != nil {
 return err
 }
 }
@@ -393,7 +393,7 @@ func (r *SourceReconciler) ApplySourceCleanUpJob(ctx context.Context, source *v1
 desiredJob := spec.MakeSourceCleanUpJob(source)
 // delete the cleanup job
- if err := r.Delete(ctx, desiredJob); err != nil {
+ if err := r.Delete(ctx, desiredJob, getBackgroundDeletionPolicy()); err != nil {
 return err
 }