Don't create PodInfo if the pod is being deleted

[ upstream commit be19aeb ] Check if the pod has DeletionTimestamp field set before reconciling to avoid the situation where pod deletion gets stuck because Tetragon operator recreates PodInfo during pod deletion. Signed-off-by: Michi Mutsuzaki <[email protected]>
cilium · May 15, 2024 · d90cb4d · d90cb4d
1 parent 6b6de2d
commit d90cb4d
Show file tree

Hide file tree

Showing 8 changed files with 1,681 additions and 0 deletions.
diff --git a/operator/podinfo/podinfo_controller.go b/operator/podinfo/podinfo_controller.go
@@ -43,6 +43,10 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 		// Pod is deleted. Nothing to reconcile.
 		return ctrl.Result{}, nil
 	}
+	if pod.GetDeletionTimestamp() != nil {
+		// Pod is being deleted. Nothing to reconcile.
+		return ctrl.Result{}, nil
+	}
 
 	// Wait until the necessary pod fields are available.
 	if !hasAllRequiredFields(pod) {

diff --git a/operator/podinfo/podinfo_controller_test.go b/operator/podinfo/podinfo_controller_test.go
@@ -4,6 +4,7 @@
 package podinfo
 
 import (
+	"context"
 	"crypto/rand"
 	"fmt"
 	"math/big"
@@ -14,8 +15,14 @@ import (
 	"github.com/cilium/tetragon/pkg/process"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/uuid"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 )
 
 var letterRunes = []rune("abcdefghijklmnopqrstuvwxyz")
@@ -275,3 +282,36 @@ func TestEqual(t *testing.T) {
 		})
 	})
 }
+
+func TestReconcile(t *testing.T) {
+	pod := randomPodGenerator()
+	client := getClientBuilder().WithObjects(pod).Build()
+	reconciler := Reconciler{client}
+	namespacedName := types.NamespacedName{Namespace: pod.Namespace, Name: pod.Name}
+	res, err := reconciler.Reconcile(context.Background(), ctrl.Request{NamespacedName: namespacedName})
+	assert.NoError(t, err)
+	assert.False(t, res.Requeue)
+	assert.NoError(t, client.Get(context.Background(), namespacedName, &ciliumv1alpha1.PodInfo{}))
+}
+
+func TestReconcileWithDeletionTimestamp(t *testing.T) {
+	pod := randomPodGenerator()
+	pod.SetFinalizers([]string{"finalize-it"})
+	deletionTimestamp := metav1.Now()
+	pod.SetDeletionTimestamp(&deletionTimestamp)
+	client := getClientBuilder().WithObjects(pod).Build()
+	reconciler := Reconciler{client}
+	namespacedName := types.NamespacedName{Namespace: pod.Namespace, Name: pod.Name}
+	res, err := reconciler.Reconcile(context.Background(), ctrl.Request{NamespacedName: namespacedName})
+	assert.NoError(t, err)
+	assert.False(t, res.Requeue)
+	err = client.Get(context.Background(), namespacedName, &ciliumv1alpha1.PodInfo{})
+	assert.True(t, errors.IsNotFound(err))
+}
+
+func getClientBuilder() *fake.ClientBuilder {
+	scheme := runtime.NewScheme()
+	utilruntime.Must(corev1.AddToScheme(scheme))
+	utilruntime.Must(ciliumv1alpha1.AddToScheme(scheme))
+	return fake.NewClientBuilder().WithScheme(scheme)
+}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/rand/rand.go b/vendor/k8s.io/apimachinery/pkg/util/rand/rand.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -1155,6 +1155,7 @@ k8s.io/apimachinery/pkg/util/managedfields/internal
 k8s.io/apimachinery/pkg/util/mergepatch
 k8s.io/apimachinery/pkg/util/naming
 k8s.io/apimachinery/pkg/util/net
+k8s.io/apimachinery/pkg/util/rand
 k8s.io/apimachinery/pkg/util/remotecommand
 k8s.io/apimachinery/pkg/util/runtime
 k8s.io/apimachinery/pkg/util/sets
@@ -1612,6 +1613,8 @@ sigs.k8s.io/controller-runtime/pkg/certwatcher/metrics
 sigs.k8s.io/controller-runtime/pkg/client
 sigs.k8s.io/controller-runtime/pkg/client/apiutil
 sigs.k8s.io/controller-runtime/pkg/client/config
+sigs.k8s.io/controller-runtime/pkg/client/fake
+sigs.k8s.io/controller-runtime/pkg/client/interceptor
 sigs.k8s.io/controller-runtime/pkg/cluster
 sigs.k8s.io/controller-runtime/pkg/config
 sigs.k8s.io/controller-runtime/pkg/config/v1alpha1
@@ -1628,6 +1631,7 @@ sigs.k8s.io/controller-runtime/pkg/internal/field/selector
 sigs.k8s.io/controller-runtime/pkg/internal/flock
 sigs.k8s.io/controller-runtime/pkg/internal/httpserver
 sigs.k8s.io/controller-runtime/pkg/internal/log
+sigs.k8s.io/controller-runtime/pkg/internal/objectutil
 sigs.k8s.io/controller-runtime/pkg/internal/recorder
 sigs.k8s.io/controller-runtime/pkg/internal/source
 sigs.k8s.io/controller-runtime/pkg/internal/testing/addr