From 3670be584dd72938f6852d6c2454928ff0cae498 Mon Sep 17 00:00:00 2001 From: Pierangelo Di Pilato Date: Mon, 9 Oct 2023 17:49:03 +0200 Subject: [PATCH] Improve KnativeEventing finalization for TLS resources (#1590) For optional resources like cert-manager's Certificates and Issuers, we don't want to fail finalization when such operators are not installed, so during finalization, we split the resources in - optional resources (TLS resources, etc) - resources (core k8s resources) Then, we delete `resources` first and after we delete optional resources while also ignoring errors returned when such operators are not instaled. Signed-off-by: Pierangelo Di Pilato --- .../knativeeventing/eventing_tls.go | 6 ++++-- .../knativeeventing/knativeeventing.go | 21 ++++++++++++++++++- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/pkg/reconciler/knativeeventing/eventing_tls.go b/pkg/reconciler/knativeeventing/eventing_tls.go index bc33620718..264101d58d 100644 --- a/pkg/reconciler/knativeeventing/eventing_tls.go +++ b/pkg/reconciler/knativeeventing/eventing_tls.go @@ -30,6 +30,10 @@ import ( "knative.dev/operator/pkg/apis/operator/v1beta1" ) +var ( + tlsResourcesPred = byGroup("cert-manager.io") +) + func (r *Reconciler) handleTLSResources(ctx context.Context, manifests *mf.Manifest, comp base.KComponent) error { instance := comp.(*v1beta1.KnativeEventing) @@ -37,8 +41,6 @@ func (r *Reconciler) handleTLSResources(ctx context.Context, manifests *mf.Manif return nil } - tlsResourcesPred := byGroup("cert-manager.io") - // Delete TLS resources (if present) toBeDeleted := manifests.Filter(tlsResourcesPred) if err := toBeDeleted.Delete(mf.IgnoreNotFound(true)); err != nil && !meta.IsNoMatchError(err) { diff --git a/pkg/reconciler/knativeeventing/knativeeventing.go b/pkg/reconciler/knativeeventing/knativeeventing.go index b93ebc1a91..30a0ac811f 100644 --- a/pkg/reconciler/knativeeventing/knativeeventing.go +++ b/pkg/reconciler/knativeeventing/knativeeventing.go @@ -21,6 +21,7 @@ import ( "fmt" mf "github.com/manifestival/manifestival" + "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" @@ -90,9 +91,27 @@ func (r *Reconciler) FinalizeKind(ctx context.Context, original *v1beta1.Knative return nil } - if err = common.Uninstall(manifest); err != nil { + // For optional resources like cert-manager's Certificates and Issuers, we don't want to fail + // finalization when such operator is not installed, so we split the resources in + // - optional resources (TLS resources, etc) + // - resources (core k8s resources) + // + // Then, we delete `resources` first and after we delete optional resources while also ignoring + // errors returned when such operators are not installed. + + optionalResourcesPred := mf.Any(tlsResourcesPred) + + optionalResources := manifest.Filter(optionalResourcesPred) + resources := manifest.Filter(mf.Not(optionalResourcesPred)) + + if err = common.Uninstall(&resources); err != nil { logger.Error("Failed to finalize platform resources", err) } + + if err := common.Uninstall(&optionalResources); err != nil && !meta.IsNoMatchError(err) { + logger.Error("Failed to finalize platform resources", err) + } + return nil }