Add a finalizer on the InternalHubComponent

In some uninstallation situations, the finalizers on Policies and ConfigurationPolicies were not always resolved before the addons and the addon-controller were stopped. This resulted in resources and namespaces being stuck, and could cause issues during a re-install. Now, this addon-controller will manage a finalizer on the "grc" InternalHubCluster, to prevent the addon-controller from being stopped while policy ManagedClusterAddOns still exist. When the InternalHubComponent is present, anything that creates a ManagedClusterAddOn for this controller must ensure that they are deleted when the InterrnalHubComponent is deleted. This can be done with OwnerReferences. In RHACM, the klusterlet-addon-controller will do this. Refs: - https://issues.redhat.com/browse/ACM-14707 Signed-off-by: Justin Kulikauskas <[email protected]>
open-cluster-management-io · Jan 24, 2025 · 632b6ff · 632b6ff
1 parent 599b1ad
commit 632b6ff
Show file tree

Hide file tree

Showing 10 changed files with 423 additions and 161 deletions.
diff --git a/Makefile b/Makefile
@@ -304,8 +304,10 @@ e2e-debug: ## Collect debug logs from deployed clusters.
 install-resources: kustomize
 	@echo creating namespace
 	-kubectl create ns $(CONTROLLER_NAMESPACE)
-	# deploying roles and service account
-	kustomize build config/rbac | $(SED) "s/namespace: system/namespace: open-cluster-management/g" | kubectl -n $(CONTROLLER_NAMESPACE) apply -f -
+	@echo deploying roles and service account
+	kustomize build config/rbac | $(SED) "s/namespace: system/namespace: open-cluster-management/g" | kubectl -n $(CONTROLLER_NAMESPACE) apply -o yaml -f -
+	@echo deploying InternalHubComponent CRD
+	kubectl apply -f https://raw.githubusercontent.com/stolostron/multiclusterhub-operator/refs/heads/main/config/crd/bases/operator.open-cluster-management.io_internalhubcomponents.yaml
 
 .PHONY: kind-ensure-sa
 kind-ensure-sa: export KUBECONFIG=$(KIND_KUBECONFIG_SA)

diff --git a/build/manage-clusters.sh b/build/manage-clusters.sh
@@ -46,7 +46,7 @@ if [[ "${RUN_MODE}" == "create" || "${RUN_MODE}" == "create-dev" ]]; then
   KUBECONFIG=${KUBECONFIG_HUB} kubectl annotate ManagedCluster $CLUSTER_NAME --overwrite "addon.open-cluster-management.io/on-multicluster-hub=true"
 
   echo Generating the service account kubeconfig
-  make kind-controller-kubeconfig
+  KIND_KUBECONFIG=${KUBECONFIG_HUB} make kind-controller-kubeconfig
 fi
 
 # Deploy a variable number of managed clusters starting with cluster2

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -149,6 +149,25 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - operator.open-cluster-management.io
+  resourceNames:
+  - grc
+  resources:
+  - internalhubcomponents
+  verbs:
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - operator.open-cluster-management.io
+  resourceNames:
+  - grc
+  resources:
+  - internalhubcomponents/finalizers
+  verbs:
+  - update
 - apiGroups:
   - policy.open-cluster-management.io
   resources:

diff --git a/go.mod b/go.mod
@@ -6,24 +6,19 @@ require (
 	github.com/blang/semver/v4 v4.0.0
 	github.com/onsi/ginkgo/v2 v2.19.0
 	github.com/onsi/gomega v1.33.1
-	github.com/openshift/library-go v0.0.0-20240116081341-964bcb3f545c
+	github.com/openshift/library-go v0.0.0-20241202102934-afe5dcf92a32
 	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.74.0
-	github.com/spf13/cobra v1.8.0
+	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.5
-	k8s.io/apimachinery v0.29.5
-	k8s.io/client-go v0.29.5
-	k8s.io/component-base v0.29.5
-	k8s.io/klog/v2 v2.120.1
+	github.com/stolostron/kubernetes-dependency-watches v0.10.0
+	k8s.io/apimachinery v0.31.1
+	k8s.io/client-go v0.31.1
+	k8s.io/component-base v0.31.1
+	k8s.io/klog/v2 v2.130.1
+	k8s.io/utils v0.0.0-20240921022957-49e7df575cb6
 	open-cluster-management.io/addon-framework v0.9.3-0.20240603141648-c8c2cd99a100
 	open-cluster-management.io/api v0.13.0
-	sigs.k8s.io/controller-runtime v0.17.5
-)
-
-require (
-	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
-	github.com/felixge/fgprof v0.9.3 // indirect
-	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
-	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
+	sigs.k8s.io/controller-runtime v0.19.0
 )
 
 require (
@@ -32,6 +27,7 @@ require (
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
+	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
@@ -44,23 +40,25 @@ require (
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
+	github.com/felixge/fgprof v0.9.4 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/ghodss/yaml v1.0.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/cel-go v0.17.8 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/cel-go v0.20.1 // indirect
+	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20240528025155-186aa0362fba // indirect
+	github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
@@ -75,39 +73,40 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/openshift/api v0.0.0-20231218131639-7a5aa77cc72d // indirect
-	github.com/openshift/client-go v0.0.0-20231218140158-47f6d749b9d9 // indirect
+	github.com/openshift/api v0.0.0-20250108172834-78bd56dba39b // indirect
+	github.com/openshift/client-go v0.0.0-20241203091221-452dfb8fa071 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pkg/profile v1.7.0 // indirect
-	github.com/prometheus/client_golang v1.18.0 // indirect
+	github.com/prometheus/client_golang v1.19.1 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.45.0 // indirect
-	github.com/prometheus/procfs v0.15.0 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
 	github.com/stoewer/go-strcase v1.3.0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
-	go.etcd.io/etcd/api/v3 v3.5.13 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.5.13 // indirect
-	go.etcd.io/etcd/client/v3 v3.5.13 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect
-	go.opentelemetry.io/otel v1.27.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.14 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.14 // indirect
+	go.etcd.io/etcd/client/v3 v3.5.14 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
+	go.opentelemetry.io/otel v1.28.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
-	go.opentelemetry.io/otel/metric v1.27.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.27.0 // indirect
-	go.opentelemetry.io/otel/trace v1.27.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.2.0 // indirect
+	go.opentelemetry.io/otel/metric v1.28.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.28.0 // indirect
+	go.opentelemetry.io/otel/trace v1.28.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d // indirect
 	golang.org/x/net v0.33.0 // indirect
-	golang.org/x/oauth2 v0.20.0 // indirect
+	golang.org/x/oauth2 v0.21.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect
 	golang.org/x/term v0.27.0 // indirect
@@ -116,22 +115,22 @@ require (
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/genproto v0.0.0-20240528155852-a33235495d66 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240528155852-a33235495d66 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240528155852-a33235495d66 // indirect
-	google.golang.org/grpc v1.64.0 // indirect
-	google.golang.org/protobuf v1.34.1 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
+	google.golang.org/grpc v1.65.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	helm.sh/helm/v3 v3.14.4 // indirect; CVE-2024-26147: >=v3.14.2
-	k8s.io/api v0.29.5 // indirect
-	k8s.io/apiextensions-apiserver v0.29.5 // indirect
-	k8s.io/apiserver v0.29.5 // indirect
-	k8s.io/kms v0.29.5 // indirect
-	k8s.io/kube-aggregator v0.29.5 // indirect
+	k8s.io/api v0.31.1 // indirect
+	k8s.io/apiextensions-apiserver v0.31.1 // indirect
+	k8s.io/apiserver v0.31.1 // indirect
+	k8s.io/kms v0.31.1 // indirect
+	k8s.io/kube-aggregator v0.31.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
-	k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect
 	open-cluster-management.io/sdk-go v0.13.1-0.20240416062924-20307e6fe090 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect