Prepare for the removal of the ownerChecks field (gardener#7951)

* Remove the validation for the `ownerChecks` field Co-authored-by: ialidzhikov <i.alidjikov@gmail.com> * Remove the defaulting for the `ownerChecks` field Co-authored-by: ialidzhikov <i.alidjikov@gmail.com> * Set the `ownerChecks` field to nil in Seed's Strategy Canonicalize Co-authored-by: ialidzhikov <i.alidjikov@gmail.com> * Update the doc string of the `ownerChecks` field Co-authored-by: ialidzhikov <i.alidjikov@gmail.com> * Drop the owner DNSRecord functionality from the Shoot reconciliation, deletion and migration flows Co-authored-by: ialidzhikov <i.alidjikov@gmail.com> * Drop the `ownerChecks` field from the examples Co-authored-by: ialidzhikov <i.alidjikov@gmail.com> * Drop the `ownerChecks` field from the tests Co-authored-by: ialidzhikov <i.alidjikov@gmail.com> * Drop the `ownerChecks` field from the docs Co-authored-by: ialidzhikov <i.alidjikov@gmail.com> --------- Co-authored-by: ialidzhikov <i.alidjikov@gmail.com>
nickytd · Jun 16, 2023 · 54f9bf8 · 54f9bf8
1 parent 26d46b4
commit 54f9bf8
Show file tree

Hide file tree

Showing 38 changed files with 67 additions and 568 deletions.
diff --git a/docs/api-reference/core.md b/docs/api-reference/core.md
@@ -9243,8 +9243,7 @@ Defaults to &ldquo;Cluster&rdquo;.</p>
 <p>
 <p>SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed.</p>
 <p>Deprecated: This field is deprecated. The &ldquo;bad-case&rdquo; control plane migration is being removed in favor of the HA Shoot control planes (see <a href="https://github.com/gardener/gardener/issues/6302">https://github.com/gardener/gardener/issues/6302</a>).
-The field is locked to false (i.e. if the field value is true a validation error will be returned). In this way gardenlet will clean up all owner DNSRecords.
-Finally, the field will be removed from the API in a future version of Gardener.</p>
+The field is no-op and will be removed in a future version.</p>
 </p>
 <table>
 <thead>

diff --git a/docs/usage/seed_settings.md b/docs/usage/seed_settings.md
@@ -109,15 +109,6 @@ By setting the `.spec.settings.verticalPodAutoscaler.enabled=false`, you can dis
 
 ⚠️ In any case, there must be a VPA available for your seed cluster. Using a seed without VPA is not supported.
 
-## Owner Checks
-
-> Note: The owner checks are deprecated. The "bad-case" control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302). The field will be locked to `false` in a future version of Gardener. In this way gardenlet will clean up all owner DNSRecords. Finally, the field will be removed from the API. Set this field to `false` to be prepared for the above-mentioned locking.
-
-When a shoot is scheduled to a seed and actually reconciled, Gardener appoints the seed as the current "owner" of the shoot by creating a special "owner DNS record" and checking against it if the seed still owns the shoot in order to guard against "split brain scenario" during control plane migration, as described in [GEP-17 Shoot Control Plane Migration "Bad Case" Scenario](../proposals/17-shoot-control-plane-migration-bad-case.md).
-This mechanism relies on the DNS resolution of TXT DNS records being possible and highly reliable, since if the owner check fails, the shoot will be effectively disabled for the duration of the failure.
-In environments where resolving TXT DNS records is either not possible or not considered reliable enough, it may be necessary to disable the owner check mechanism, in order to avoid shoots failing to reconcile or temporary outages due to transient DNS failures.
-By setting the `.spec.settings.ownerChecks.enabled=false` (default is `true`), the creation and checking of owner DNS records can be disabled for all shoots scheduled on this seed. Note that if owner checks are disabled, migrating shoots scheduled on this seed to other seeds should be considered unsafe, and in the future will be disabled as well.
-
 ## Topology-Aware Traffic Routing
 
 Refer to the [Topology-Aware Traffic Routing documentation](./topology_aware_routing.md) as this document contains the documentation for the topology-aware routing Seed setting.
diff --git a/example/50-seed.yaml b/example/50-seed.yaml
@@ -74,8 +74,6 @@ spec:
   #     externalTrafficPolicy: Local
     verticalPodAutoscaler:
       enabled: true # a Gardener-managed VPA deployment is enabled
-    ownerChecks:
-      enabled: false # owner checks are disabled for shoots scheduled on this seed
     topologyAwareRouting:
       enabled: true # certain Services deployed in the seed will be topology-aware
 # taints:

diff --git a/example/gardener-local/gardenlet/values.yaml b/example/gardener-local/gardenlet/values.yaml
@@ -93,8 +93,6 @@ config:
       settings:
         excessCapacityReservation:
           enabled: false
-        ownerChecks:
-          enabled: false
         scheduling:
           visible: true
         verticalPodAutoscaler:

diff --git a/example/provider-extensions/gardenlet/values.yaml.tmpl b/example/provider-extensions/gardenlet/values.yaml.tmpl
@@ -48,8 +48,6 @@ config:
             enabled: true
         excessCapacityReservation:
           enabled: false
-        ownerChecks:
-          enabled: false
         scheduling:
           visible: true
         verticalPodAutoscaler:

diff --git a/example/provider-local/managedseeds/managedseed.yaml b/example/provider-local/managedseeds/managedseed.yaml
@@ -15,8 +15,6 @@ spec:
           settings:
             excessCapacityReservation:
               enabled: false
-            ownerChecks:
-              enabled: false
             scheduling:
               visible: false
             verticalPodAutoscaler:

diff --git a/example/provider-local/seed-kind-ha-multi-zone/local/seed.yaml b/example/provider-local/seed-kind-ha-multi-zone/local/seed.yaml
@@ -39,8 +39,6 @@ spec:
   settings:
     excessCapacityReservation:
       enabled: false
-    ownerChecks:
-      enabled: false
     scheduling:
       visible: true
     verticalPodAutoscaler:

diff --git a/example/provider-local/seed-kind-ha-single-zone/local/seed.yaml b/example/provider-local/seed-kind-ha-single-zone/local/seed.yaml
@@ -37,8 +37,6 @@ spec:
   settings:
     excessCapacityReservation:
       enabled: false
-    ownerChecks:
-      enabled: false
     scheduling:
       visible: true
     verticalPodAutoscaler:

diff --git a/example/provider-local/seed-kind/local/seed.yaml b/example/provider-local/seed-kind/local/seed.yaml
@@ -37,8 +37,6 @@ spec:
   settings:
     excessCapacityReservation:
       enabled: false
-    ownerChecks:
-      enabled: false
     scheduling:
       visible: true
     verticalPodAutoscaler:

diff --git a/pkg/apis/core/helper/helpers.go b/pkg/apis/core/helper/helpers.go
@@ -203,11 +203,6 @@ func SeedSettingSchedulingVisible(settings *core.SeedSettings) bool {
 	return settings == nil || settings.Scheduling == nil || settings.Scheduling.Visible
 }
 
-// SeedSettingOwnerChecksEnabled returns true if the 'ownerChecks' setting is enabled.
-func SeedSettingOwnerChecksEnabled(settings *core.SeedSettings) bool {
-	return settings != nil && settings.OwnerChecks != nil && settings.OwnerChecks.Enabled
-}
-
 // SeedSettingTopologyAwareRoutingEnabled returns true if the topology-aware routing is enabled.
 func SeedSettingTopologyAwareRoutingEnabled(settings *core.SeedSettings) bool {
 	return settings != nil && settings.TopologyAwareRouting != nil && settings.TopologyAwareRouting.Enabled

diff --git a/pkg/apis/core/helper/helpers_test.go b/pkg/apis/core/helper/helpers_test.go
@@ -510,17 +510,6 @@ var _ = Describe("helper", func() {
 		Entry("scheduling 'visible' is true", &core.SeedSettings{Scheduling: &core.SeedSettingScheduling{Visible: true}}, true),
 	)
 
-	DescribeTable("#SeedSettingOwnerChecksEnabled",
-		func(settings *core.SeedSettings, expected bool) {
-			Expect(SeedSettingOwnerChecksEnabled(settings)).To(Equal(expected))
-		},
-
-		Entry("no settings", nil, false),
-		Entry("no owner checks setting", &core.SeedSettings{}, false),
-		Entry("owner checks enabled", &core.SeedSettings{OwnerChecks: &core.SeedSettingOwnerChecks{Enabled: true}}, true),
-		Entry("owner checks disabled", &core.SeedSettings{OwnerChecks: &core.SeedSettingOwnerChecks{Enabled: false}}, false),
-	)
-
 	DescribeTable("#SeedSettingTopologyAwareRoutingEnabled",
 		func(settings *core.SeedSettings, expected bool) {
 			Expect(SeedSettingTopologyAwareRoutingEnabled(settings)).To(Equal(expected))

diff --git a/pkg/apis/core/types_seed.go b/pkg/apis/core/types_seed.go
@@ -208,8 +208,7 @@ type SeedSettings struct {
 	// SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed.
 	//
 	// Deprecated: This field is deprecated. The "bad-case" control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302).
-	// The field is locked to false (i.e. if the field value is true a validation error will be returned). In this way gardenlet will clean up all owner DNSRecords.
-	// Finally, the field will be removed from the API in a future version of Gardener.
+	// The field is no-op and will be removed in a future version.
 	OwnerChecks *SeedSettingOwnerChecks
 	// DependencyWatchdog controls certain settings for the dependency-watchdog components deployed in the seed.
 	DependencyWatchdog *SeedSettingDependencyWatchdog
@@ -271,8 +270,7 @@ type SeedSettingVerticalPodAutoscaler struct {
 // SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed.
 //
 // Deprecated: This field is deprecated. The "bad-case" control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302).
-// The field is locked to false (i.e. if the field value is true a validation error will be returned). In this way gardenlet will clean up all owner DNSRecords.
-// Finally, the field will be removed from the API in a future version of Gardener.
+// The field is no-op and will be removed in a future version.
 type SeedSettingOwnerChecks struct {
 	// Enabled controls whether owner checks are enabled for shoots scheduled on this seed.
 	Enabled bool

diff --git a/pkg/apis/core/v1beta1/constants/types_constants.go b/pkg/apis/core/v1beta1/constants/types_constants.go
@@ -709,8 +709,6 @@ const (
 	DNSRecordInternalName = "internal"
 	// DNSRecordExternalName is a constant for DNSRecord objects used for the external domain name.
 	DNSRecordExternalName = "external"
-	// DNSRecordOwnerName is a constant for DNSRecord objects used for the owner domain name.
-	DNSRecordOwnerName = "owner"
 
 	// ArchitectureAMD64 is a constant for the 'amd64' architecture.
 	ArchitectureAMD64 = "amd64"

diff --git a/pkg/apis/core/v1beta1/defaults.go b/pkg/apis/core/v1beta1/defaults.go
@@ -64,10 +64,6 @@ func SetDefaults_Seed(obj *Seed) {
 		obj.Spec.Settings.VerticalPodAutoscaler = &SeedSettingVerticalPodAutoscaler{Enabled: true}
 	}
 
-	if obj.Spec.Settings.OwnerChecks == nil {
-		obj.Spec.Settings.OwnerChecks = &SeedSettingOwnerChecks{Enabled: false}
-	}
-
 	if obj.Spec.Settings.DependencyWatchdog == nil {
 		obj.Spec.Settings.DependencyWatchdog = &SeedSettingDependencyWatchdog{}
 	}

diff --git a/pkg/apis/core/v1beta1/defaults_test.go b/pkg/apis/core/v1beta1/defaults_test.go
@@ -43,7 +43,6 @@ var _ = Describe("Defaults", func() {
 			Expect(obj.Spec.Settings.ExcessCapacityReservation.Enabled).To(BeTrue())
 			Expect(obj.Spec.Settings.Scheduling.Visible).To(BeTrue())
 			Expect(obj.Spec.Settings.VerticalPodAutoscaler.Enabled).To(BeTrue())
-			Expect(obj.Spec.Settings.OwnerChecks.Enabled).To(BeFalse())
 			Expect(obj.Spec.Settings.TopologyAwareRouting.Enabled).To(BeFalse())
 		})
 
@@ -61,7 +60,6 @@ var _ = Describe("Defaults", func() {
 			Expect(obj.Spec.Settings.ExcessCapacityReservation.Enabled).To(BeTrue())
 			Expect(obj.Spec.Settings.Scheduling.Visible).To(BeTrue())
 			Expect(obj.Spec.Settings.VerticalPodAutoscaler.Enabled).To(BeTrue())
-			Expect(obj.Spec.Settings.OwnerChecks.Enabled).To(BeFalse())
 			Expect(obj.Spec.Settings.TopologyAwareRouting.Enabled).To(BeFalse())
 			Expect(obj.Spec.Taints).To(HaveLen(3))
 			Expect(obj.Spec.Taints).To(Equal(taints))
@@ -75,7 +73,6 @@ var _ = Describe("Defaults", func() {
 				excessCapacityReservation = false
 				scheduling                = true
 				vpaEnabled                = false
-				ownerChecks               = true
 			)
 
 			obj.Spec.Settings = &SeedSettings{
@@ -89,7 +86,6 @@ var _ = Describe("Defaults", func() {
 				ExcessCapacityReservation: &SeedSettingExcessCapacityReservation{Enabled: excessCapacityReservation},
 				Scheduling:                &SeedSettingScheduling{Visible: scheduling},
 				VerticalPodAutoscaler:     &SeedSettingVerticalPodAutoscaler{Enabled: vpaEnabled},
-				OwnerChecks:               &SeedSettingOwnerChecks{Enabled: ownerChecks},
 			}
 
 			SetObjectDefaults_Seed(obj)
@@ -99,7 +95,6 @@ var _ = Describe("Defaults", func() {
 			Expect(obj.Spec.Settings.ExcessCapacityReservation.Enabled).To(Equal(excessCapacityReservation))
 			Expect(obj.Spec.Settings.Scheduling.Visible).To(Equal(scheduling))
 			Expect(obj.Spec.Settings.VerticalPodAutoscaler.Enabled).To(Equal(vpaEnabled))
-			Expect(obj.Spec.Settings.OwnerChecks.Enabled).To(Equal(ownerChecks))
 			Expect(obj.Spec.Settings.TopologyAwareRouting.Enabled).To(Equal(topologyAwareRouting))
 		})
 

diff --git a/pkg/apis/core/v1beta1/generated.proto b/pkg/apis/core/v1beta1/generated.proto
diff --git a/pkg/apis/core/v1beta1/helper/helper.go b/pkg/apis/core/v1beta1/helper/helper.go
@@ -493,11 +493,6 @@ func SeedSettingVerticalPodAutoscalerEnabled(settings *gardencorev1beta1.SeedSet
 	return settings == nil || settings.VerticalPodAutoscaler == nil || settings.VerticalPodAutoscaler.Enabled
 }
 
-// SeedSettingOwnerChecksEnabled returns true if the 'ownerChecks' setting is enabled.
-func SeedSettingOwnerChecksEnabled(settings *gardencorev1beta1.SeedSettings) bool {
-	return settings != nil && settings.OwnerChecks != nil && settings.OwnerChecks.Enabled
-}
-
 // SeedSettingDependencyWatchdogWeederEnabled returns true if the dependency-watchdog-weeder is enabled.
 func SeedSettingDependencyWatchdogWeederEnabled(settings *gardencorev1beta1.SeedSettings) bool {
 	return settings == nil || settings.DependencyWatchdog == nil || settings.DependencyWatchdog.Weeder == nil || settings.DependencyWatchdog.Weeder.Enabled

diff --git a/pkg/apis/core/v1beta1/helper/helper_test.go b/pkg/apis/core/v1beta1/helper/helper_test.go
@@ -853,17 +853,6 @@ var _ = Describe("helper", func() {
 		),
 	)
 
-	DescribeTable("#SeedSettingOwnerChecksEnabled",
-		func(settings *gardencorev1beta1.SeedSettings, expected bool) {
-			Expect(SeedSettingOwnerChecksEnabled(settings)).To(Equal(expected))
-		},
-
-		Entry("no settings", nil, false),
-		Entry("no owner checks setting", &gardencorev1beta1.SeedSettings{}, false),
-		Entry("owner checks enabled", &gardencorev1beta1.SeedSettings{OwnerChecks: &gardencorev1beta1.SeedSettingOwnerChecks{Enabled: true}}, true),
-		Entry("owner checks disabled", &gardencorev1beta1.SeedSettings{OwnerChecks: &gardencorev1beta1.SeedSettingOwnerChecks{Enabled: false}}, false),
-	)
-
 	DescribeTable("#SeedSettingDependencyWatchdogWeederEnabled",
 		func(settings *gardencorev1beta1.SeedSettings, expected bool) {
 			Expect(SeedSettingDependencyWatchdogWeederEnabled(settings)).To(Equal(expected))

diff --git a/pkg/apis/core/v1beta1/types_seed.go b/pkg/apis/core/v1beta1/types_seed.go
@@ -321,8 +321,7 @@ type SeedSettingVerticalPodAutoscaler struct {
 // SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed.
 //
 // Deprecated: This field is deprecated. The "bad-case" control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302).
-// The field is locked to false (i.e. if the field value is true a validation error will be returned). In this way gardenlet will clean up all owner DNSRecords.
-// Finally, the field will be removed from the API in a future version of Gardener.
+// The field is no-op and will be removed in a future version.
 type SeedSettingOwnerChecks struct {
 	// Enabled controls whether owner checks are enabled for shoots scheduled on this seed.
 	Enabled bool `json:"enabled" protobuf:"bytes,1,opt,name=enabled"`

diff --git a/pkg/apis/core/validation/seed.go b/pkg/apis/core/validation/seed.go
@@ -190,9 +190,6 @@ func ValidateSeedSpec(seedSpec *core.SeedSpec, fldPath *field.Path, inTemplate b
 		if helper.SeedSettingTopologyAwareRoutingEnabled(seedSpec.Settings) && len(seedSpec.Provider.Zones) <= 1 {
 			allErrs = append(allErrs, field.Forbidden(fldPath.Child("settings", "topologyAwareRouting", "enabled"), "topology-aware routing can only be enabled on multi-zone Seed clusters (with at least two zones in spec.provider.zones)"))
 		}
-		if helper.SeedSettingOwnerChecksEnabled(seedSpec.Settings) {
-			allErrs = append(allErrs, field.Forbidden(fldPath.Child("settings", "ownerChecks", "enabled"), "owner checks is locked to false in Gardener v1.72+"))
-		}
 	}
 
 	if !inTemplate && seedSpec.Ingress == nil {

diff --git a/pkg/apis/core/validation/seed_test.go b/pkg/apis/core/validation/seed_test.go
@@ -889,46 +889,6 @@ var _ = Describe("Seed Validation Tests", func() {
 
 				Expect(errorList).To(BeEmpty())
 			})
-
-			Context("ownerChecks", func() {
-				It("should allow unspecified owner checks", func() {
-					seed.Spec.Settings = &core.SeedSettings{}
-
-					errorList := ValidateSeed(seed)
-
-					Expect(errorList).To(BeEmpty())
-				})
-
-				It("should allow owner checks disablement", func() {
-					seed.Spec.Settings = &core.SeedSettings{
-						OwnerChecks: &core.SeedSettingOwnerChecks{
-							Enabled: false,
-						},
-					}
-
-					errorList := ValidateSeed(seed)
-
-					Expect(errorList).To(BeEmpty())
-				})
-
-				It("should prevent owner checks enablement", func() {
-					seed.Spec.Settings = &core.SeedSettings{
-						OwnerChecks: &core.SeedSettingOwnerChecks{
-							Enabled: true,
-						},
-					}
-
-					errorList := ValidateSeed(seed)
-
-					Expect(errorList).To(ConsistOf(
-						PointTo(MatchFields(IgnoreExtras, Fields{
-							"Type":   Equal(field.ErrorTypeForbidden),
-							"Field":  Equal("spec.settings.ownerChecks.enabled"),
-							"Detail": Equal("owner checks is locked to false in Gardener v1.72+"),
-						})),
-					))
-				})
-			})
 		})
 
 		It("should fail updating immutable fields", func() {

diff --git a/pkg/gardenlet/apis/config/helper/helpers.go b/pkg/gardenlet/apis/config/helper/helpers.go
@@ -22,7 +22,6 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 
 	gardencore "github.com/gardener/gardener/pkg/apis/core"
-	gardencorehelper "github.com/gardener/gardener/pkg/apis/core/helper"
 	gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
 	"github.com/gardener/gardener/pkg/gardenlet/apis/config"
 	gardenletv1alpha1 "github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1"
@@ -37,14 +36,6 @@ func SeedNameFromSeedConfig(seedConfig *config.SeedConfig) string {
 	return seedConfig.SeedTemplate.Name
 }
 
-// OwnerChecksEnabledInSeedConfig returns false if the given seed config is nil or the 'ownerChecks' setting is enabled.
-func OwnerChecksEnabledInSeedConfig(seedConfig *config.SeedConfig) bool {
-	if seedConfig == nil {
-		return false
-	}
-	return gardencorehelper.SeedSettingOwnerChecksEnabled(seedConfig.Spec.Settings)
-}
-
 // StaleExtensionHealthChecksThreshold returns nil if the given config is nil or the check
 // for stale health checks is not enabled. Otherwise it returns the threshold from the given config.
 func StaleExtensionHealthChecksThreshold(c *config.StaleExtensionHealthChecks) *metav1.Duration {

diff --git a/pkg/gardenlet/apis/config/helper/helpers_test.go b/pkg/gardenlet/apis/config/helper/helpers_test.go
@@ -48,27 +48,6 @@ var _ = Describe("helper", func() {
 		})
 	})
 
-	Describe("#OwnerChecksEnabledInSeedConfig", func() {
-		It("should return false with nil config", func() {
-			Expect(OwnerChecksEnabledInSeedConfig(nil)).To(BeFalse())
-		})
-
-		It("should return true if owner checks are enabled", func() {
-			config := &config.SeedConfig{
-				SeedTemplate: gardencore.SeedTemplate{
-					Spec: gardencore.SeedSpec{
-						Settings: &gardencore.SeedSettings{
-							OwnerChecks: &gardencore.SeedSettingOwnerChecks{
-								Enabled: true,
-							},
-						},
-					},
-				},
-			}
-			Expect(OwnerChecksEnabledInSeedConfig(config)).To(BeTrue())
-		})
-	})
-
 	Describe("#StaleExtensionHealthChecksThreshold", func() {
 		It("should return nil when the config is nil", func() {
 			Expect(StaleExtensionHealthChecksThreshold(nil)).To(BeNil())