diff --git a/docs/api-reference/core.md b/docs/api-reference/core.md
index 30af86268c1..0ffd6577d12 100644
--- a/docs/api-reference/core.md
+++ b/docs/api-reference/core.md
@@ -9243,8 +9243,7 @@ Defaults to “Cluster”.

SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed.

Deprecated: This field is deprecated. The “bad-case” control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302).
-The field is locked to false (i.e. if the field value is true a validation error will be returned). In this way gardenlet will clean up all owner DNSRecords.
-Finally, the field will be removed from the API in a future version of Gardener.

+The field is no-op and will be removed in a future version.

diff --git a/docs/usage/seed_settings.md b/docs/usage/seed_settings.md
index 0f232811156..846a2662917 100644
--- a/docs/usage/seed_settings.md
+++ b/docs/usage/seed_settings.md
@@ -109,15 +109,6 @@ By setting the `.spec.settings.verticalPodAutoscaler.enabled=false`, you can dis ⚠️ In any case, there must be a VPA available for your seed cluster. Using a seed without VPA is not supported. -## Owner Checks - -> Note: The owner checks are deprecated. The "bad-case" control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302). The field will be locked to `false` in a future version of Gardener. In this way gardenlet will clean up all owner DNSRecords. Finally, the field will be removed from the API. Set this field to `false` to be prepared for the above-mentioned locking. - -When a shoot is scheduled to a seed and actually reconciled, Gardener appoints the seed as the current "owner" of the shoot by creating a special "owner DNS record" and checking against it if the seed still owns the shoot in order to guard against "split brain scenario" during control plane migration, as described in [GEP-17 Shoot Control Plane Migration "Bad Case" Scenario](../proposals/17-shoot-control-plane-migration-bad-case.md). -This mechanism relies on the DNS resolution of TXT DNS records being possible and highly reliable, since if the owner check fails, the shoot will be effectively disabled for the duration of the failure. -In environments where resolving TXT DNS records is either not possible or not considered reliable enough, it may be necessary to disable the owner check mechanism, in order to avoid shoots failing to reconcile or temporary outages due to transient DNS failures. -By setting the `.spec.settings.ownerChecks.enabled=false` (default is `true`), the creation and checking of owner DNS records can be disabled for all shoots scheduled on this seed. Note that if owner checks are disabled, migrating shoots scheduled on this seed to other seeds should be considered unsafe, and in the future will be disabled as well. 
- ## Topology-Aware Traffic Routing Refer to the [Topology-Aware Traffic Routing documentation](./topology_aware_routing.md) as this document contains the documentation for the topology-aware routing Seed setting. diff --git a/example/50-seed.yaml b/example/50-seed.yaml index 86b18d19bd7..a52aff44be0 100644 --- a/example/50-seed.yaml +++ b/example/50-seed.yaml @@ -74,8 +74,6 @@ spec: # externalTrafficPolicy: Local verticalPodAutoscaler: enabled: true # a Gardener-managed VPA deployment is enabled - ownerChecks: - enabled: false # owner checks are disabled for shoots scheduled on this seed topologyAwareRouting: enabled: true # certain Services deployed in the seed will be topology-aware # taints: diff --git a/example/gardener-local/gardenlet/values.yaml b/example/gardener-local/gardenlet/values.yaml index 2cd560c3c5b..b5ba0b55a39 100644 --- a/example/gardener-local/gardenlet/values.yaml +++ b/example/gardener-local/gardenlet/values.yaml @@ -93,8 +93,6 @@ config: settings: excessCapacityReservation: enabled: false - ownerChecks: - enabled: false scheduling: visible: true verticalPodAutoscaler: diff --git a/example/provider-extensions/gardenlet/values.yaml.tmpl b/example/provider-extensions/gardenlet/values.yaml.tmpl index 0265c340f92..6adff7f5383 100644 --- a/example/provider-extensions/gardenlet/values.yaml.tmpl +++ b/example/provider-extensions/gardenlet/values.yaml.tmpl @@ -48,8 +48,6 @@ config: enabled: true excessCapacityReservation: enabled: false - ownerChecks: - enabled: false scheduling: visible: true verticalPodAutoscaler: diff --git a/example/provider-local/managedseeds/managedseed.yaml b/example/provider-local/managedseeds/managedseed.yaml index 43363ad5589..20f3949a2b9 100644 --- a/example/provider-local/managedseeds/managedseed.yaml +++ b/example/provider-local/managedseeds/managedseed.yaml @@ -15,8 +15,6 @@ spec: settings: excessCapacityReservation: enabled: false - ownerChecks: - enabled: false scheduling: visible: false verticalPodAutoscaler: 
diff --git a/example/provider-local/seed-kind-ha-multi-zone/local/seed.yaml b/example/provider-local/seed-kind-ha-multi-zone/local/seed.yaml index c3fae8c252d..22e0e7d0b99 100644 --- a/example/provider-local/seed-kind-ha-multi-zone/local/seed.yaml +++ b/example/provider-local/seed-kind-ha-multi-zone/local/seed.yaml @@ -39,8 +39,6 @@ spec: settings: excessCapacityReservation: enabled: false - ownerChecks: - enabled: false scheduling: visible: true verticalPodAutoscaler: diff --git a/example/provider-local/seed-kind-ha-single-zone/local/seed.yaml b/example/provider-local/seed-kind-ha-single-zone/local/seed.yaml index 40415b33f22..a85b343c731 100644 --- a/example/provider-local/seed-kind-ha-single-zone/local/seed.yaml +++ b/example/provider-local/seed-kind-ha-single-zone/local/seed.yaml @@ -37,8 +37,6 @@ spec: settings: excessCapacityReservation: enabled: false - ownerChecks: - enabled: false scheduling: visible: true verticalPodAutoscaler: diff --git a/example/provider-local/seed-kind/local/seed.yaml b/example/provider-local/seed-kind/local/seed.yaml index aaea48320e1..7848d8c0884 100644 --- a/example/provider-local/seed-kind/local/seed.yaml +++ b/example/provider-local/seed-kind/local/seed.yaml @@ -37,8 +37,6 @@ spec: settings: excessCapacityReservation: enabled: false - ownerChecks: - enabled: false scheduling: visible: true verticalPodAutoscaler: diff --git a/pkg/apis/core/helper/helpers.go b/pkg/apis/core/helper/helpers.go index 838ba7f7e96..81d2fb76d9c 100644 --- a/pkg/apis/core/helper/helpers.go +++ b/pkg/apis/core/helper/helpers.go 
@@ -203,11 +203,6 @@ func SeedSettingSchedulingVisible(settings *core.SeedSettings) bool { return settings == nil || settings.Scheduling == nil || settings.Scheduling.Visible } -// SeedSettingOwnerChecksEnabled returns true if the 'ownerChecks' setting is enabled. -func SeedSettingOwnerChecksEnabled(settings *core.SeedSettings) bool { - return settings != nil && settings.OwnerChecks != nil && settings.OwnerChecks.Enabled -} - // SeedSettingTopologyAwareRoutingEnabled returns true if the topology-aware routing is enabled. func SeedSettingTopologyAwareRoutingEnabled(settings *core.SeedSettings) bool { return settings != nil && settings.TopologyAwareRouting != nil && settings.TopologyAwareRouting.Enabled diff --git a/pkg/apis/core/helper/helpers_test.go b/pkg/apis/core/helper/helpers_test.go index c610475a0f3..bca12478a2d 100644 --- a/pkg/apis/core/helper/helpers_test.go +++ b/pkg/apis/core/helper/helpers_test.go @@ -510,17 +510,6 @@ var _ = Describe("helper", func() { Entry("scheduling 'visible' is true", &core.SeedSettings{Scheduling: &core.SeedSettingScheduling{Visible: true}}, true), ) - DescribeTable("#SeedSettingOwnerChecksEnabled", - func(settings *core.SeedSettings, expected bool) { - Expect(SeedSettingOwnerChecksEnabled(settings)).To(Equal(expected)) - }, - - Entry("no settings", nil, false), - Entry("no owner checks setting", &core.SeedSettings{}, false), - Entry("owner checks enabled", &core.SeedSettings{OwnerChecks: &core.SeedSettingOwnerChecks{Enabled: true}}, true), - Entry("owner checks disabled", &core.SeedSettings{OwnerChecks: &core.SeedSettingOwnerChecks{Enabled: false}}, false), - ) - DescribeTable("#SeedSettingTopologyAwareRoutingEnabled", func(settings *core.SeedSettings, expected bool) { Expect(SeedSettingTopologyAwareRoutingEnabled(settings)).To(Equal(expected)) diff --git a/pkg/apis/core/types_seed.go b/pkg/apis/core/types_seed.go index c828ea14765..25047647989 100644 --- a/pkg/apis/core/types_seed.go +++ b/pkg/apis/core/types_seed.go 
@@ -208,8 +208,7 @@ type SeedSettings struct { // SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed. // // Deprecated: This field is deprecated. The "bad-case" control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302). - // The field is locked to false (i.e. if the field value is true a validation error will be returned). In this way gardenlet will clean up all owner DNSRecords. - // Finally, the field will be removed from the API in a future version of Gardener. + // The field is no-op and will be removed in a future version. OwnerChecks *SeedSettingOwnerChecks // DependencyWatchdog controls certain settings for the dependency-watchdog components deployed in the seed. DependencyWatchdog *SeedSettingDependencyWatchdog @@ -271,8 +270,7 @@ type SeedSettingVerticalPodAutoscaler struct { // SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed. // // Deprecated: This field is deprecated. The "bad-case" control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302). -// The field is locked to false (i.e. if the field value is true a validation error will be returned). In this way gardenlet will clean up all owner DNSRecords. -// Finally, the field will be removed from the API in a future version of Gardener. +// The field is no-op and will be removed in a future version. type SeedSettingOwnerChecks struct { // Enabled controls whether owner checks are enabled for shoots scheduled on this seed. Enabled bool diff --git a/pkg/apis/core/v1beta1/constants/types_constants.go b/pkg/apis/core/v1beta1/constants/types_constants.go index d4a9c517e68..d0052c462c5 100644 --- a/pkg/apis/core/v1beta1/constants/types_constants.go +++ b/pkg/apis/core/v1beta1/constants/types_constants.go 
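Review bot: The retained comment on `Enabled` in the second hunk (-271,8) still reads "Enabled controls whether owner checks are enabled for shoots scheduled on this seed", which no longer holds once the field is a no-op, and the new line "The field is no-op" does not say what happens when a manifest sets it to `true`. With the `field.Forbidden` check removed in pkg/apis/core/validation/seed.go, such a Seed is accepted again, so an operator could assume the split-brain guard for control plane migration is still active. I would write the deprecation line as `// The field is a no-op: its value is ignored. It will be removed in a future version.` and the field comment as `// Enabled is ignored.`. The same wording appears in pkg/apis/core/v1beta1/types_seed.go, generated.proto, openapi_generated.go and docs/api-reference/core.md, the last three presumably generated from the Go comments.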
@@ -709,8 +709,6 @@ const ( DNSRecordInternalName = "internal" // DNSRecordExternalName is a constant for DNSRecord objects used for the external domain name. DNSRecordExternalName = "external" - // DNSRecordOwnerName is a constant for DNSRecord objects used for the owner domain name. - DNSRecordOwnerName = "owner" // ArchitectureAMD64 is a constant for the 'amd64' architecture. ArchitectureAMD64 = "amd64" diff --git a/pkg/apis/core/v1beta1/defaults.go b/pkg/apis/core/v1beta1/defaults.go index 200711aad83..83e3382fb1f 100644 --- a/pkg/apis/core/v1beta1/defaults.go +++ b/pkg/apis/core/v1beta1/defaults.go @@ -64,10 +64,6 @@ func SetDefaults_Seed(obj *Seed) { obj.Spec.Settings.VerticalPodAutoscaler = &SeedSettingVerticalPodAutoscaler{Enabled: true} } - if obj.Spec.Settings.OwnerChecks == nil { - obj.Spec.Settings.OwnerChecks = &SeedSettingOwnerChecks{Enabled: false} - } - if obj.Spec.Settings.DependencyWatchdog == nil { obj.Spec.Settings.DependencyWatchdog = &SeedSettingDependencyWatchdog{} } diff --git a/pkg/apis/core/v1beta1/defaults_test.go b/pkg/apis/core/v1beta1/defaults_test.go index b56d9349440..a89daeabcc0 100644 --- a/pkg/apis/core/v1beta1/defaults_test.go +++ b/pkg/apis/core/v1beta1/defaults_test.go @@ -43,7 +43,6 @@ var _ = Describe("Defaults", func() { Expect(obj.Spec.Settings.ExcessCapacityReservation.Enabled).To(BeTrue()) Expect(obj.Spec.Settings.Scheduling.Visible).To(BeTrue()) Expect(obj.Spec.Settings.VerticalPodAutoscaler.Enabled).To(BeTrue()) - Expect(obj.Spec.Settings.OwnerChecks.Enabled).To(BeFalse()) Expect(obj.Spec.Settings.TopologyAwareRouting.Enabled).To(BeFalse()) }) 
@@ -61,7 +60,6 @@ var _ = Describe("Defaults", func() { Expect(obj.Spec.Settings.ExcessCapacityReservation.Enabled).To(BeTrue()) Expect(obj.Spec.Settings.Scheduling.Visible).To(BeTrue()) Expect(obj.Spec.Settings.VerticalPodAutoscaler.Enabled).To(BeTrue()) - Expect(obj.Spec.Settings.OwnerChecks.Enabled).To(BeFalse()) Expect(obj.Spec.Settings.TopologyAwareRouting.Enabled).To(BeFalse()) Expect(obj.Spec.Taints).To(HaveLen(3)) Expect(obj.Spec.Taints).To(Equal(taints)) @@ -75,7 +73,6 @@ var _ = Describe("Defaults", func() { excessCapacityReservation = false scheduling = true vpaEnabled = false - ownerChecks = true ) obj.Spec.Settings = &SeedSettings{ @@ -89,7 +86,6 @@ var _ = Describe("Defaults", func() { ExcessCapacityReservation: &SeedSettingExcessCapacityReservation{Enabled: excessCapacityReservation}, Scheduling: &SeedSettingScheduling{Visible: scheduling}, VerticalPodAutoscaler: &SeedSettingVerticalPodAutoscaler{Enabled: vpaEnabled}, - OwnerChecks: &SeedSettingOwnerChecks{Enabled: ownerChecks}, } SetObjectDefaults_Seed(obj) @@ -99,7 +95,6 @@ var _ = Describe("Defaults", func() { Expect(obj.Spec.Settings.ExcessCapacityReservation.Enabled).To(Equal(excessCapacityReservation)) Expect(obj.Spec.Settings.Scheduling.Visible).To(Equal(scheduling)) Expect(obj.Spec.Settings.VerticalPodAutoscaler.Enabled).To(Equal(vpaEnabled)) - Expect(obj.Spec.Settings.OwnerChecks.Enabled).To(Equal(ownerChecks)) Expect(obj.Spec.Settings.TopologyAwareRouting.Enabled).To(Equal(topologyAwareRouting)) }) diff --git a/pkg/apis/core/v1beta1/generated.proto b/pkg/apis/core/v1beta1/generated.proto index 9867c7c1e15..870029e6d31 100644 --- a/pkg/apis/core/v1beta1/generated.proto +++ b/pkg/apis/core/v1beta1/generated.proto 
@@ -2292,8 +2292,7 @@ message SeedSettingLoadBalancerServicesZones { // SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed. // // Deprecated: This field is deprecated. The "bad-case" control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302). -// The field is locked to false (i.e. if the field value is true a validation error will be returned). In this way gardenlet will clean up all owner DNSRecords. -// Finally, the field will be removed from the API in a future version of Gardener. +// The field is no-op and will be removed in a future version. message SeedSettingOwnerChecks { // Enabled controls whether owner checks are enabled for shoots scheduled on this seed. optional bool enabled = 1; diff --git a/pkg/apis/core/v1beta1/helper/helper.go b/pkg/apis/core/v1beta1/helper/helper.go index 67bdaeae5f0..b2fcbfa636b 100644 --- a/pkg/apis/core/v1beta1/helper/helper.go +++ b/pkg/apis/core/v1beta1/helper/helper.go @@ -493,11 +493,6 @@ func SeedSettingVerticalPodAutoscalerEnabled(settings *gardencorev1beta1.SeedSet return settings == nil || settings.VerticalPodAutoscaler == nil || settings.VerticalPodAutoscaler.Enabled } -// SeedSettingOwnerChecksEnabled returns true if the 'ownerChecks' setting is enabled. -func SeedSettingOwnerChecksEnabled(settings *gardencorev1beta1.SeedSettings) bool { - return settings != nil && settings.OwnerChecks != nil && settings.OwnerChecks.Enabled -} - // SeedSettingDependencyWatchdogWeederEnabled returns true if the dependency-watchdog-weeder is enabled. func SeedSettingDependencyWatchdogWeederEnabled(settings *gardencorev1beta1.SeedSettings) bool { return settings == nil || settings.DependencyWatchdog == nil || settings.DependencyWatchdog.Weeder == nil || settings.DependencyWatchdog.Weeder.Enabled 
diff --git a/pkg/apis/core/v1beta1/helper/helper_test.go b/pkg/apis/core/v1beta1/helper/helper_test.go index ced1141dea3..7a91c706292 100644 --- a/pkg/apis/core/v1beta1/helper/helper_test.go +++ b/pkg/apis/core/v1beta1/helper/helper_test.go @@ -853,17 +853,6 @@ var _ = Describe("helper", func() { ), ) - DescribeTable("#SeedSettingOwnerChecksEnabled", - func(settings *gardencorev1beta1.SeedSettings, expected bool) { - Expect(SeedSettingOwnerChecksEnabled(settings)).To(Equal(expected)) - }, - - Entry("no settings", nil, false), - Entry("no owner checks setting", &gardencorev1beta1.SeedSettings{}, false), - Entry("owner checks enabled", &gardencorev1beta1.SeedSettings{OwnerChecks: &gardencorev1beta1.SeedSettingOwnerChecks{Enabled: true}}, true), - Entry("owner checks disabled", &gardencorev1beta1.SeedSettings{OwnerChecks: &gardencorev1beta1.SeedSettingOwnerChecks{Enabled: false}}, false), - ) - DescribeTable("#SeedSettingDependencyWatchdogWeederEnabled", func(settings *gardencorev1beta1.SeedSettings, expected bool) { Expect(SeedSettingDependencyWatchdogWeederEnabled(settings)).To(Equal(expected)) diff --git a/pkg/apis/core/v1beta1/types_seed.go b/pkg/apis/core/v1beta1/types_seed.go index 3b443a0c969..f79448a3848 100644 --- a/pkg/apis/core/v1beta1/types_seed.go +++ b/pkg/apis/core/v1beta1/types_seed.go 
@@ -321,8 +321,7 @@ type SeedSettingVerticalPodAutoscaler struct { // SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed. // // Deprecated: This field is deprecated. The "bad-case" control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302). -// The field is locked to false (i.e. if the field value is true a validation error will be returned). In this way gardenlet will clean up all owner DNSRecords. -// Finally, the field will be removed from the API in a future version of Gardener. +// The field is no-op and will be removed in a future version. type SeedSettingOwnerChecks struct { // Enabled controls whether owner checks are enabled for shoots scheduled on this seed. Enabled bool `json:"enabled" protobuf:"bytes,1,opt,name=enabled"` diff --git a/pkg/apis/core/validation/seed.go b/pkg/apis/core/validation/seed.go index 1a4c79b54de..7e9b89adfa2 100644 --- a/pkg/apis/core/validation/seed.go +++ b/pkg/apis/core/validation/seed.go @@ -190,9 +190,6 @@ func ValidateSeedSpec(seedSpec *core.SeedSpec, fldPath *field.Path, inTemplate b if helper.SeedSettingTopologyAwareRoutingEnabled(seedSpec.Settings) && len(seedSpec.Provider.Zones) <= 1 { allErrs = append(allErrs, field.Forbidden(fldPath.Child("settings", "topologyAwareRouting", "enabled"), "topology-aware routing can only be enabled on multi-zone Seed clusters (with at least two zones in spec.provider.zones)")) } - if helper.SeedSettingOwnerChecksEnabled(seedSpec.Settings) { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("settings", "ownerChecks", "enabled"), "owner checks is locked to false in Gardener v1.72+")) - } } if !inTemplate && seedSpec.Ingress == nil { diff --git a/pkg/apis/core/validation/seed_test.go b/pkg/apis/core/validation/seed_test.go index f479dd06791..1a3357264b3 100644 --- a/pkg/apis/core/validation/seed_test.go +++ b/pkg/apis/core/validation/seed_test.go 
@@ -889,46 +889,6 @@ var _ = Describe("Seed Validation Tests", func() { Expect(errorList).To(BeEmpty()) }) - - Context("ownerChecks", func() { - It("should allow unspecified owner checks", func() { - seed.Spec.Settings = &core.SeedSettings{} - - errorList := ValidateSeed(seed) - - Expect(errorList).To(BeEmpty()) - }) - - It("should allow owner checks disablement", func() { - seed.Spec.Settings = &core.SeedSettings{ - OwnerChecks: &core.SeedSettingOwnerChecks{ - Enabled: false, - }, - } - - errorList := ValidateSeed(seed) - - Expect(errorList).To(BeEmpty()) - }) - - It("should prevent owner checks enablement", func() { - seed.Spec.Settings = &core.SeedSettings{ - OwnerChecks: &core.SeedSettingOwnerChecks{ - Enabled: true, - }, - } - - errorList := ValidateSeed(seed) - - Expect(errorList).To(ConsistOf( - PointTo(MatchFields(IgnoreExtras, Fields{ - "Type": Equal(field.ErrorTypeForbidden), - "Field": Equal("spec.settings.ownerChecks.enabled"), - "Detail": Equal("owner checks is locked to false in Gardener v1.72+"), - })), - )) - }) - }) }) It("should fail updating immutable fields", func() { diff --git a/pkg/gardenlet/apis/config/helper/helpers.go b/pkg/gardenlet/apis/config/helper/helpers.go index 28d3cab888c..fbdff0cdad9 100644 --- a/pkg/gardenlet/apis/config/helper/helpers.go +++ b/pkg/gardenlet/apis/config/helper/helpers.go @@ -22,7 +22,6 @@ import ( utilruntime "k8s.io/apimachinery/pkg/util/runtime" gardencore "github.com/gardener/gardener/pkg/apis/core" - gardencorehelper "github.com/gardener/gardener/pkg/apis/core/helper" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" "github.com/gardener/gardener/pkg/gardenlet/apis/config" gardenletv1alpha1 "github.com/gardener/gardener/pkg/gardenlet/apis/config/v1alpha1" 
@@ -37,14 +36,6 @@ func SeedNameFromSeedConfig(seedConfig *config.SeedConfig) string { return seedConfig.SeedTemplate.Name } -// OwnerChecksEnabledInSeedConfig returns false if the given seed config is nil or the 'ownerChecks' setting is enabled. -func OwnerChecksEnabledInSeedConfig(seedConfig *config.SeedConfig) bool { - if seedConfig == nil { - return false - } - return gardencorehelper.SeedSettingOwnerChecksEnabled(seedConfig.Spec.Settings) -} - // StaleExtensionHealthChecksThreshold returns nil if the given config is nil or the check // for stale health checks is not enabled. Otherwise it returns the threshold from the given config. func StaleExtensionHealthChecksThreshold(c *config.StaleExtensionHealthChecks) *metav1.Duration { diff --git a/pkg/gardenlet/apis/config/helper/helpers_test.go b/pkg/gardenlet/apis/config/helper/helpers_test.go index 44478fc1b00..9d2ed51d4d4 100644 --- a/pkg/gardenlet/apis/config/helper/helpers_test.go +++ b/pkg/gardenlet/apis/config/helper/helpers_test.go @@ -48,27 +48,6 @@ var _ = Describe("helper", func() { }) }) - Describe("#OwnerChecksEnabledInSeedConfig", func() { - It("should return false with nil config", func() { - Expect(OwnerChecksEnabledInSeedConfig(nil)).To(BeFalse()) - }) - - It("should return true if owner checks are enabled", func() { - config := &config.SeedConfig{ - SeedTemplate: gardencore.SeedTemplate{ - Spec: gardencore.SeedSpec{ - Settings: &gardencore.SeedSettings{ - OwnerChecks: &gardencore.SeedSettingOwnerChecks{ - Enabled: true, - }, - }, - }, - }, - } - Expect(OwnerChecksEnabledInSeedConfig(config)).To(BeTrue()) - }) - }) - Describe("#StaleExtensionHealthChecksThreshold", func() { It("should return nil when the config is nil", func() { Expect(StaleExtensionHealthChecksThreshold(nil)).To(BeNil()) diff --git a/pkg/gardenlet/controller/shoot/shoot/reconciler_delete.go b/pkg/gardenlet/controller/shoot/shoot/reconciler_delete.go index 4567da599d6..6858ee4cc7c 100644 
--- a/pkg/gardenlet/controller/shoot/shoot/reconciler_delete.go +++ b/pkg/gardenlet/controller/shoot/shoot/reconciler_delete.go @@ -206,20 +206,15 @@ func (r *Reconciler) runDeleteShootFlow(ctx context.Context, o *operation.Operat Fn: flow.TaskFn(botanist.DeployReferencedResources).RetryUntilTimeout(defaultInterval, defaultTimeout).DoIf(nonTerminatingNamespace), Dependencies: flow.NewTaskIDs(deployNamespace, ensureShootStateExists), }) - deployOwnerDomainDNSRecord = g.Add(flow.Task{ - Name: "Deploying owner domain DNS record", - Fn: flow.TaskFn(botanist.DeployOwnerDNSResources).DoIf(nonTerminatingNamespace), - Dependencies: flow.NewTaskIDs(ensureShootStateExists, deployReferencedResources), - }) deployInternalDomainDNSRecord = g.Add(flow.Task{ Name: "Deploying internal domain DNS record", Fn: flow.TaskFn(botanist.DeployOrDestroyInternalDNSRecord).DoIf(cleanupShootResources), - Dependencies: flow.NewTaskIDs(deployReferencedResources, waitUntilKubeAPIServerServiceIsReady, deployOwnerDomainDNSRecord), + Dependencies: flow.NewTaskIDs(deployReferencedResources, waitUntilKubeAPIServerServiceIsReady), }) deployETCD = g.Add(flow.Task{ Name: "Deploying main and events etcd", Fn: flow.TaskFn(botanist.DeployEtcd).RetryUntilTimeout(defaultInterval, defaultTimeout).DoIf(cleanupShootResources), - Dependencies: flow.NewTaskIDs(initializeSecretsManagement, deployCloudProviderSecret, deployOwnerDomainDNSRecord), + Dependencies: flow.NewTaskIDs(initializeSecretsManagement, deployCloudProviderSecret), }) scaleETCD = g.Add(flow.Task{ Name: "Scaling up etcd main and event", 
@@ -650,11 +645,6 @@ func (r *Reconciler) runDeleteShootFlow(ctx context.Context, o *operation.Operat Fn: flow.TaskFn(botanist.DestroyInternalDNSRecord).DoIf(nonTerminatingNamespace), Dependencies: flow.NewTaskIDs(syncPoint), }) - destroyOwnerDomainDNSRecord = g.Add(flow.Task{ - Name: "Destroying owner domain DNS record", - Fn: flow.TaskFn(botanist.DestroyOwnerDNSResources).DoIf(nonTerminatingNamespace), - Dependencies: flow.NewTaskIDs(syncPoint), - }) destroyReferencedResources = g.Add(flow.Task{ Name: "Deleting referenced resources", Fn: flow.TaskFn(botanist.DestroyReferencedResources).RetryUntilTimeout(defaultInterval, defaultTimeout), @@ -673,7 +663,7 @@ func (r *Reconciler) runDeleteShootFlow(ctx context.Context, o *operation.Operat deleteNamespace = g.Add(flow.Task{ Name: "Deleting shoot namespace in Seed", Fn: flow.TaskFn(botanist.DeleteSeedNamespace).RetryUntilTimeout(defaultInterval, defaultTimeout), - Dependencies: flow.NewTaskIDs(syncPoint, destroyInternalDomainDNSRecord, destroyOwnerDomainDNSRecord, destroyReferencedResources, waitUntilEtcdDeleted), + Dependencies: flow.NewTaskIDs(syncPoint, destroyInternalDomainDNSRecord, destroyReferencedResources, waitUntilEtcdDeleted), }) _ = g.Add(flow.Task{ Name: "Waiting until shoot namespace in Seed has been deleted", diff --git a/pkg/gardenlet/controller/shoot/shoot/reconciler_migrate.go b/pkg/gardenlet/controller/shoot/shoot/reconciler_migrate.go index 81b15c7098f..f175417ec59 100644 --- a/pkg/gardenlet/controller/shoot/shoot/reconciler_migrate.go +++ b/pkg/gardenlet/controller/shoot/shoot/reconciler_migrate.go 
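Review bot: With `destroyOwnerDomainDNSRecord` removed here and dropped from the `deleteNamespace` dependencies, nothing in the delete flow removes an owner DNSRecord that is still present in a shoot namespace; reconciler_migrate.go drops `migrateOrDestroyOwnerDNSRecord` in the same way. The deleted documentation says the cleanup happened while the field was locked to `false`, so this appears to rely on every seed having been reconciled by such a gardenlet version before the upgrade, which cannot be checked from the hunk. A leftover object could stall the namespace deletion or leave a stale TXT record at the DNS provider, so I would state the precondition above `deleteNamespace`, e.g. `// Owner DNSRecords are assumed to have been cleaned up by gardenlet versions that locked ownerChecks to false.`, and repeat it in the release note. `runDeleteShootFlow` starts and ends outside the hunk.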
@@ -371,11 +371,6 @@ func (r *Reconciler) runMigrateShootFlow(ctx context.Context, o *operation.Opera Fn: botanist.MigrateInternalDNSRecord, Dependencies: flow.NewTaskIDs(waitUntilKubeAPIServerDeleted), }) - migrateOrDestroyOwnerDNSRecord = g.Add(flow.Task{ - Name: "Migrating owner domain DNS record", - Fn: flow.TaskFn(botanist.MigrateOrDestroyOwnerDNSResources).DoIf(nonTerminatingNamespace), - Dependencies: flow.NewTaskIDs(waitUntilKubeAPIServerDeleted), - }) syncPoint = flow.NewTaskIDs( waitUntilExtensionsAfterKubeAPIServerDeleted, waitUntilExtensionsDeleted, @@ -384,7 +379,7 @@ func (r *Reconciler) runMigrateShootFlow(ctx context.Context, o *operation.Opera destroyDNSRecords = g.Add(flow.Task{ Name: "Deleting DNSRecords from the Shoot namespace", Fn: flow.TaskFn(botanist.DestroyDNSRecords).DoIf(nonTerminatingNamespace), - Dependencies: flow.NewTaskIDs(syncPoint, migrateIngressDNSRecord, migrateExternalDNSRecord, migrateInternalDNSRecord, migrateOrDestroyOwnerDNSRecord), + Dependencies: flow.NewTaskIDs(syncPoint, migrateIngressDNSRecord, migrateExternalDNSRecord, migrateInternalDNSRecord), }) createETCDSnapshot = g.Add(flow.Task{ Name: "Creating ETCD Snapshot", diff --git a/pkg/gardenlet/controller/shoot/shoot/reconciler_reconcile.go b/pkg/gardenlet/controller/shoot/shoot/reconciler_reconcile.go index 09648857626..9df0ae8eb47 100644 --- a/pkg/gardenlet/controller/shoot/shoot/reconciler_reconcile.go +++ b/pkg/gardenlet/controller/shoot/shoot/reconciler_reconcile.go 
@@ -179,11 +179,6 @@ func (r *Reconciler) runReconcileShootFlow(ctx context.Context, o *operation.Ope Fn: flow.TaskFn(botanist.DeployReferencedResources).RetryUntilTimeout(defaultInterval, defaultTimeout), Dependencies: flow.NewTaskIDs(deployNamespace), }) - deployOwnerDomainDNSRecord = g.Add(flow.Task{ - Name: "Deploying owner domain DNS record", - Fn: botanist.DeployOwnerDNSResources, - Dependencies: flow.NewTaskIDs(ensureShootStateExists, deployReferencedResources), - }) deployInternalDomainDNSRecord = g.Add(flow.Task{ Name: "Deploying internal domain DNS record", Fn: flow.TaskFn(func(ctx context.Context) error { @@ -192,7 +187,7 @@ func (r *Reconciler) runReconcileShootFlow(ctx context.Context, o *operation.Ope } return removeTaskAnnotation(ctx, o, generation, v1beta1constants.ShootTaskDeployDNSRecordInternal) }).DoIf(!o.Shoot.HibernationEnabled), - Dependencies: flow.NewTaskIDs(deployReferencedResources, waitUntilKubeAPIServerServiceIsReady, deployOwnerDomainDNSRecord), + Dependencies: flow.NewTaskIDs(deployReferencedResources, waitUntilKubeAPIServerServiceIsReady), }) _ = g.Add(flow.Task{ Name: "Deploying external domain DNS record", 
@@ -202,12 +197,12 @@ func (r *Reconciler) runReconcileShootFlow(ctx context.Context, o *operation.Ope } return removeTaskAnnotation(ctx, o, generation, v1beta1constants.ShootTaskDeployDNSRecordExternal) }).DoIf(!o.Shoot.HibernationEnabled), - Dependencies: flow.NewTaskIDs(deployReferencedResources, waitUntilKubeAPIServerServiceIsReady, deployOwnerDomainDNSRecord), + Dependencies: flow.NewTaskIDs(deployReferencedResources, waitUntilKubeAPIServerServiceIsReady), }) deployInfrastructure = g.Add(flow.Task{ Name: "Deploying Shoot infrastructure", Fn: flow.TaskFn(botanist.DeployInfrastructure).RetryUntilTimeout(defaultInterval, defaultTimeout).SkipIf(o.Shoot.IsWorkerless), - Dependencies: flow.NewTaskIDs(initializeSecretsManagement, deployCloudProviderSecret, deployReferencedResources, deployOwnerDomainDNSRecord), + Dependencies: flow.NewTaskIDs(initializeSecretsManagement, deployCloudProviderSecret, deployReferencedResources), }) waitUntilInfrastructureReady = g.Add(flow.Task{ Name: "Waiting until shoot infrastructure has been reconciled", @@ -222,9 +217,8 @@ func (r *Reconciler) runReconcileShootFlow(ctx context.Context, o *operation.Ope Dependencies: flow.NewTaskIDs(deployInfrastructure), }) deploySourceBackupEntry = g.Add(flow.Task{ - Name: "Deploying source backup entry", - Fn: flow.TaskFn(botanist.DeploySourceBackupEntry).DoIf(isCopyOfBackupsRequired), - Dependencies: flow.NewTaskIDs(deployOwnerDomainDNSRecord), + Name: "Deploying source backup entry", + Fn: flow.TaskFn(botanist.DeploySourceBackupEntry).DoIf(isCopyOfBackupsRequired), }) waitUntilSourceBackupEntryInGardenReconciled = g.Add(flow.Task{ Name: "Waiting until the source backup entry has been reconciled", 
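Review bot: `deploySourceBackupEntry` is left without any `Dependencies` in the hunk at -222,9, so it becomes a root task of the flow; before, it ran after `ensureShootStateExists` and `deployReferencedResources` by way of `deployOwnerDomainDNSRecord`. If that ordering was incidental, a short comment such as `// Intentionally no dependencies.` on the task would record the decision; otherwise keep it explicit with `Dependencies: flow.NewTaskIDs(ensureShootStateExists),`. The same transitive ordering is dropped for `deployETCD` in reconciler_delete.go, where whether `initializeSecretsManagement` already implies it is not visible. `runReconcileShootFlow` continues outside the hunk.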
@@ -234,7 +228,7 @@ func (r *Reconciler) runReconcileShootFlow(ctx context.Context, o *operation.Ope deployBackupEntryInGarden = g.Add(flow.Task{ Name: "Deploying backup entry", Fn: flow.TaskFn(botanist.DeployBackupEntry).DoIf(allowBackup), - Dependencies: flow.NewTaskIDs(ensureShootStateExists, deployOwnerDomainDNSRecord, waitUntilSourceBackupEntryInGardenReconciled), + Dependencies: flow.NewTaskIDs(ensureShootStateExists, waitUntilSourceBackupEntryInGardenReconciled), }) waitUntilBackupEntryInGardenReconciled = g.Add(flow.Task{ Name: "Waiting until the backup entry has been reconciled", diff --git a/pkg/openapi/openapi_generated.go b/pkg/openapi/openapi_generated.go index 225183d08a7..c2d960380e0 100644 --- a/pkg/openapi/openapi_generated.go +++ b/pkg/openapi/openapi_generated.go @@ -6707,7 +6707,7 @@ func schema_pkg_apis_core_v1beta1_SeedSettingOwnerChecks(ref common.ReferenceCal return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed.\n\nDeprecated: This field is deprecated. The \"bad-case\" control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302). The field is locked to false (i.e. if the field value is true a validation error will be returned). In this way gardenlet will clean up all owner DNSRecords. Finally, the field will be removed from the API in a future version of Gardener.", + Description: "SeedSettingOwnerChecks controls certain owner checks settings for shoots scheduled on this seed.\n\nDeprecated: This field is deprecated. The \"bad-case\" control plane migration is being removed in favor of the HA Shoot control planes (see https://github.com/gardener/gardener/issues/6302). The field is no-op and will be removed in a future version.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "enabled": { 
diff --git a/pkg/operation/botanist/botanist.go b/pkg/operation/botanist/botanist.go index 3c50b7002bb..86835a1466f 100644 --- a/pkg/operation/botanist/botanist.go +++ b/pkg/operation/botanist/botanist.go @@ -90,10 +90,7 @@ func New(ctx context.Context, o *operation.Operation) (*Botanist, error) { o.Shoot.Components.Extensions.ExternalDNSRecord = b.DefaultExternalDNSRecord() o.Shoot.Components.Extensions.InternalDNSRecord = b.DefaultInternalDNSRecord() o.Shoot.Components.Extensions.IngressDNSRecord = b.DefaultIngressDNSRecord() - o.Shoot.Components.Extensions.OwnerDNSRecord = b.DefaultOwnerDNSRecord() - if err != nil { - return nil, err - } + o.Shoot.Components.Extensions.Extension, err = b.DefaultExtension(ctx) if err != nil { return nil, err diff --git a/pkg/operation/botanist/dnsrecord.go b/pkg/operation/botanist/dnsrecord.go index 983e3eaa885..1261c7547e4 100644 --- a/pkg/operation/botanist/dnsrecord.go +++ b/pkg/operation/botanist/dnsrecord.go @@ -18,7 +18,6 @@ import ( "context" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" - extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" "github.com/gardener/gardener/pkg/component" extensionsdnsrecord "github.com/gardener/gardener/pkg/component/extensions/dnsrecord" "github.com/gardener/gardener/pkg/controllerutils" 
@@ -86,38 +85,6 @@ func (b *Botanist) DefaultInternalDNSRecord() extensionsdnsrecord.Interface { ) } -// DefaultOwnerDNSRecord creates the default deployer for the owner DNSRecord resource. -func (b *Botanist) DefaultOwnerDNSRecord() extensionsdnsrecord.Interface { - values := &extensionsdnsrecord.Values{ - Name: b.Shoot.GetInfo().Name + "-" + v1beta1constants.DNSRecordOwnerName, - SecretName: DNSRecordSecretPrefix + "-" + b.Shoot.GetInfo().Name + "-" + v1beta1constants.DNSRecordInternalName, - Namespace: b.Shoot.SeedNamespace, - TTL: b.Config.Controllers.Shoot.DNSEntryTTLSeconds, - ReconcileOnlyOnChangeOrError: true, // avoid competing reconciliations during the control plane migration "bad case" scenario - AnnotateOperation: true, - } - - if b.NeedsInternalDNS() { - values.Type = b.Garden.InternalDomain.Provider - if b.Garden.InternalDomain.Zone != "" { - values.Zone = &b.Garden.InternalDomain.Zone - } - values.SecretData = b.Garden.InternalDomain.SecretData - values.DNSName = gardenerutils.GetOwnerDomain(b.Shoot.InternalClusterDomain) - values.RecordType = extensionsv1alpha1.DNSRecordTypeTXT - values.Values = []string{*b.Seed.GetInfo().Status.ClusterIdentity} - } - - return extensionsdnsrecord.New( - b.Logger, - b.SeedClientSet.Client(), - values, - extensionsdnsrecord.DefaultInterval, - extensionsdnsrecord.DefaultSevereThreshold, - extensionsdnsrecord.DefaultTimeout, - ) -} - // DeployOrDestroyExternalDNSRecord deploys, restores, or destroys the external DNSRecord and waits for the operation to complete. func (b *Botanist) DeployOrDestroyExternalDNSRecord(ctx context.Context) error { if b.NeedsExternalDNS() { 
@@ -134,14 +101,6 @@ func (b *Botanist) DeployOrDestroyInternalDNSRecord(ctx context.Context) error { return b.DestroyInternalDNSRecord(ctx) } -// DeployOrDestroyOwnerDNSRecord deploys, restores, or destroys the owner DNSRecord and waits for the operation to complete. -func (b *Botanist) DeployOrDestroyOwnerDNSRecord(ctx context.Context) error { - if b.NeedsInternalDNS() { - return b.DeployOwnerDNSRecord(ctx) - } - return b.DestroyOwnerDNSRecord(ctx) -} - // deployExternalDNSRecord deploys or restores the external DNSRecord and waits for the operation to complete. func (b *Botanist) deployExternalDNSRecord(ctx context.Context) error { if err := b.deployOrRestoreDNSRecord(ctx, b.Shoot.Components.Extensions.ExternalDNSRecord); err != nil { @@ -158,14 +117,6 @@ func (b *Botanist) deployInternalDNSRecord(ctx context.Context) error { return b.Shoot.Components.Extensions.InternalDNSRecord.Wait(ctx) } -// DeployOwnerDNSRecord deploys or restores the owner DNSRecord and waits for the operation to complete. -func (b *Botanist) DeployOwnerDNSRecord(ctx context.Context) error { - if err := b.deployOrRestoreDNSRecord(ctx, b.Shoot.Components.Extensions.OwnerDNSRecord); err != nil { - return err - } - return b.Shoot.Components.Extensions.OwnerDNSRecord.Wait(ctx) -} - // DestroyExternalDNSRecord destroys the external DNSRecord and waits for the operation to complete. func (b *Botanist) DestroyExternalDNSRecord(ctx context.Context) error { if err := b.Shoot.Components.Extensions.ExternalDNSRecord.Destroy(ctx); err != nil { 
@@ -182,14 +133,6 @@ func (b *Botanist) DestroyInternalDNSRecord(ctx context.Context) error { return b.Shoot.Components.Extensions.InternalDNSRecord.WaitCleanup(ctx) } -// DestroyOwnerDNSRecord destroys the owner DNSRecord and waits for the operation to complete. -func (b *Botanist) DestroyOwnerDNSRecord(ctx context.Context) error { - if err := b.Shoot.Components.Extensions.OwnerDNSRecord.Destroy(ctx); err != nil { - return err - } - return b.Shoot.Components.Extensions.OwnerDNSRecord.WaitCleanup(ctx) -} - // MigrateExternalDNSRecord migrates the external DNSRecord and waits for the operation to complete. func (b *Botanist) MigrateExternalDNSRecord(ctx context.Context) error { if err := b.Shoot.Components.Extensions.ExternalDNSRecord.Migrate(ctx); err != nil { @@ -206,14 +149,6 @@ func (b *Botanist) MigrateInternalDNSRecord(ctx context.Context) error { return b.Shoot.Components.Extensions.InternalDNSRecord.WaitMigrate(ctx) } -// MigrateOwnerDNSRecord migrates the owner DNSRecord and waits for the operation to complete. -func (b *Botanist) MigrateOwnerDNSRecord(ctx context.Context) error { - if err := b.Shoot.Components.Extensions.OwnerDNSRecord.Migrate(ctx); err != nil { - return err - } - return b.Shoot.Components.Extensions.OwnerDNSRecord.WaitMigrate(ctx) -} - func (b *Botanist) deployOrRestoreDNSRecord(ctx context.Context, dnsRecord component.DeployMigrateWaiter) error { if b.isRestorePhase() { return dnsRecord.Restore(ctx, b.GetShootState()) diff --git a/pkg/operation/botanist/dnsrecord_test.go b/pkg/operation/botanist/dnsrecord_test.go index e920959c580..09ffa532236 100644 --- a/pkg/operation/botanist/dnsrecord_test.go +++ b/pkg/operation/botanist/dnsrecord_test.go 
@@ -406,27 +406,6 @@ var _ = Describe("dnsrecord", func() { }) }) - Describe("#DefaultOwnerDNSRecord", func() { - It("should create a component with correct values", func() { - c := b.DefaultOwnerDNSRecord() - - Expect(c.GetValues()).To(DeepEqual(&dnsrecord.Values{ - Name: b.Shoot.GetInfo().Name + "-owner", - SecretName: DNSRecordSecretPrefix + "-" + b.Shoot.GetInfo().Name + "-" + v1beta1constants.DNSRecordInternalName, - Namespace: seedNamespace, - DNSName: "owner." + internalDomain, - RecordType: "TXT", - Values: []string{seedClusterIdentity}, - SecretData: b.Garden.InternalDomain.SecretData, - Zone: &b.Garden.InternalDomain.Zone, - TTL: pointer.Int64(ttl), - Type: internalProvider, - ReconcileOnlyOnChangeOrError: true, - AnnotateOperation: true, - })) - }) - }) - Describe("#DeployOrDestroyExternalDNSRecord", func() { Context("deploy", func() { It("should call Deploy and Wait and succeed if they succeeded", func() { diff --git a/pkg/operation/botanist/dnsresources.go b/pkg/operation/botanist/dnsresources.go deleted file mode 100644 index cf4d1747989..00000000000 --- a/pkg/operation/botanist/dnsresources.go +++ /dev/null 
@@ -1,50 +0,0 @@ -// Copyright 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package botanist - -import ( - "context" - - v1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper" -) - -// DeployOwnerDNSResources deploys or deletes the owner DNSRecord resource depending on whether -// the 'ownerChecks' setting is enabled. -// * If the ownerChecks is enabled, the DNSRecord resource is deployed (or restored). -// * Otherwise, it is deleted. -func (b *Botanist) DeployOwnerDNSResources(ctx context.Context) error { - if v1beta1helper.SeedSettingOwnerChecksEnabled(b.Seed.GetInfo().Spec.Settings) { - return b.DeployOrDestroyOwnerDNSRecord(ctx) - } else { - return b.DestroyOwnerDNSRecord(ctx) - } -} - -// DestroyOwnerDNSResources deletes the owner DNSRecord resource if it exists. -func (b *Botanist) DestroyOwnerDNSResources(ctx context.Context) error { - return b.DestroyOwnerDNSRecord(ctx) -} - -// MigrateOrDestroyOwnerDNSResources migrates or destroys the owner DNSRecord resource depending on whether -// the 'ownerChecks' setting is enabled. -// * If the ownerChecks is enabled, the DNSRecord resource is migrated. -// * Otherwise, it is destroyed. 
-func (b *Botanist) MigrateOrDestroyOwnerDNSResources(ctx context.Context) error { - if v1beta1helper.SeedSettingOwnerChecksEnabled(b.Seed.GetInfo().Spec.Settings) { - return b.MigrateOwnerDNSRecord(ctx) - } else { - return b.DestroyOwnerDNSRecord(ctx) - } -} diff --git a/pkg/operation/botanist/dnsresources_test.go b/pkg/operation/botanist/dnsresources_test.go deleted file mode 100644 index 8ddae78a10b..00000000000 --- a/pkg/operation/botanist/dnsresources_test.go +++ /dev/null 
@@ -1,240 +0,0 @@ -// Copyright 2021 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package botanist_test - -import ( - "context" - - "github.com/go-logr/logr" - "github.com/golang/mock/gomock" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - "k8s.io/utils/pointer" - - gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" - mockdnsrecord "github.com/gardener/gardener/pkg/component/extensions/dnsrecord/mock" - "github.com/gardener/gardener/pkg/operation" - . 
"github.com/gardener/gardener/pkg/operation/botanist" - "github.com/gardener/gardener/pkg/operation/garden" - "github.com/gardener/gardener/pkg/operation/seed" - "github.com/gardener/gardener/pkg/operation/shoot" - gardenerutils "github.com/gardener/gardener/pkg/utils/gardener" -) - -var _ = Describe("dnsrecord", func() { - var ( - ctrl *gomock.Controller - - externalDNSRecord *mockdnsrecord.MockInterface - internalDNSRecord *mockdnsrecord.MockInterface - ingressDNSRecord *mockdnsrecord.MockInterface - ownerDNSRecord *mockdnsrecord.MockInterface - - b *Botanist - - ctx = context.TODO() - ) - - BeforeEach(func() { - ctrl = gomock.NewController(GinkgoT()) - - externalDNSRecord = mockdnsrecord.NewMockInterface(ctrl) - internalDNSRecord = mockdnsrecord.NewMockInterface(ctrl) - ingressDNSRecord = mockdnsrecord.NewMockInterface(ctrl) - ownerDNSRecord = mockdnsrecord.NewMockInterface(ctrl) - - b = &Botanist{ - Operation: &operation.Operation{ - Shoot: &shoot.Shoot{ - ExternalClusterDomain: pointer.String(externalDomain), - ExternalDomain: &gardenerutils.Domain{ - Provider: externalProvider, - }, - Components: &shoot.Components{ - Extensions: &shoot.Extensions{ - ExternalDNSRecord: externalDNSRecord, - InternalDNSRecord: internalDNSRecord, - IngressDNSRecord: ingressDNSRecord, - OwnerDNSRecord: ownerDNSRecord, - }, - }, - }, - Seed: &seed.Seed{}, - - Garden: &garden.Garden{ - InternalDomain: &gardenerutils.Domain{ - Provider: internalProvider, - }, - }, - Logger: logr.Discard(), - }, - } - b.Shoot.SetInfo(&gardencorev1beta1.Shoot{ - Spec: gardencorev1beta1.ShootSpec{ - DNS: &gardencorev1beta1.DNS{ - Domain: pointer.String(externalDomain), - }, - Addons: &gardencorev1beta1.Addons{ - NginxIngress: &gardencorev1beta1.NginxIngress{ - Addon: gardencorev1beta1.Addon{ - Enabled: true, - }, - }, - }, - }, - }) - b.Seed.SetInfo(&gardencorev1beta1.Seed{}) - }) - - AfterEach(func() { - ctrl.Finish() - }) - - Describe("#DeployOrDestroyExternalDNSRecord", func() { - It("should deploy 
the external DNSRecord resource", func() { - gomock.InOrder( - externalDNSRecord.EXPECT().Deploy(ctx), - externalDNSRecord.EXPECT().Wait(ctx), - ) - Expect(b.DeployOrDestroyExternalDNSRecord(ctx)).To(Succeed()) - }) - }) - - Describe("#DeployOrDestroyIngressDNSRecord", func() { - It("should deploy the ingress DNSRecord resource", func() { - gomock.InOrder( - ingressDNSRecord.EXPECT().Deploy(ctx), - ingressDNSRecord.EXPECT().Wait(ctx), - ) - Expect(b.DeployOrDestroyIngressDNSRecord(ctx)).To(Succeed()) - }) - }) - - Describe("#DeployOwnerDNSResources", func() { - It("should deploy the owner DNSRecord resource", func() { - b.Seed.GetInfo().Spec.Settings = &gardencorev1beta1.SeedSettings{ - OwnerChecks: &gardencorev1beta1.SeedSettingOwnerChecks{ - Enabled: true, - }, - } - gomock.InOrder( - ownerDNSRecord.EXPECT().Deploy(ctx), - ownerDNSRecord.EXPECT().Wait(ctx), - ) - Expect(b.DeployOwnerDNSResources(ctx)).To(Succeed()) - }) - - It("should delete the owner DNSRecord resource if owner checks are disabled", func() { - gomock.InOrder( - ownerDNSRecord.EXPECT().Destroy(ctx), - ownerDNSRecord.EXPECT().WaitCleanup(ctx), - ) - Expect(b.DeployOwnerDNSResources(ctx)).To(Succeed()) - }) - }) - - Describe("#DestroyInternalDNSRecord", func() { - It("should delete the internal DNS record", func() { - gomock.InOrder( - internalDNSRecord.EXPECT().Destroy(ctx), - internalDNSRecord.EXPECT().WaitCleanup(ctx), - ) - Expect(b.DestroyInternalDNSRecord(ctx)).To(Succeed()) - }) - }) - - Describe("#DestroyExternalDNSRecord", func() { - It("should delete the external DNS record", func() { - gomock.InOrder( - externalDNSRecord.EXPECT().Destroy(ctx), - externalDNSRecord.EXPECT().WaitCleanup(ctx), - ) - Expect(b.DestroyExternalDNSRecord(ctx)).To(Succeed()) - }) - }) - - Describe("#DestroyIngressDNSRecord", func() { - It("should delete the ingress DNS record", func() { - gomock.InOrder( - ingressDNSRecord.EXPECT().Destroy(ctx), - ingressDNSRecord.EXPECT().WaitCleanup(ctx), - ) - 
Expect(b.DestroyIngressDNSRecord(ctx)).To(Succeed()) - }) - }) - - Describe("#DestroyOwnerDNSResources", func() { - It("should delete the owner DNSRecord resource", func() { - gomock.InOrder( - ownerDNSRecord.EXPECT().Destroy(ctx), - ownerDNSRecord.EXPECT().WaitCleanup(ctx), - ) - Expect(b.DestroyOwnerDNSResources(ctx)).To(Succeed()) - }) - }) - - Describe("#MigrateInternalDNSRecord", func() { - It("should migrate the internal DNS record", func() { - gomock.InOrder( - internalDNSRecord.EXPECT().Migrate(ctx), - internalDNSRecord.EXPECT().WaitMigrate(ctx), - ) - Expect(b.MigrateInternalDNSRecord(ctx)).To(Succeed()) - }) - }) - - Describe("#MigrateExternalDNSResources", func() { - It("should migrate the external DNS record", func() { - gomock.InOrder( - externalDNSRecord.EXPECT().Migrate(ctx), - externalDNSRecord.EXPECT().WaitMigrate(ctx), - ) - Expect(b.MigrateExternalDNSRecord(ctx)).To(Succeed()) - }) - }) - - Describe("#MigrateIngressDNSRecord", func() { - It("should migrate the ingress DNS record", func() { - gomock.InOrder( - ingressDNSRecord.EXPECT().Migrate(ctx), - ingressDNSRecord.EXPECT().WaitMigrate(ctx), - ) - Expect(b.MigrateIngressDNSRecord(ctx)).To(Succeed()) - }) - }) - - Describe("#MigrateOwnerDNSResources", func() { - It("should migrate the owner DNSRecord resource", func() { - b.Seed.GetInfo().Spec.Settings = &gardencorev1beta1.SeedSettings{ - OwnerChecks: &gardencorev1beta1.SeedSettingOwnerChecks{ - Enabled: true, - }, - } - gomock.InOrder( - ownerDNSRecord.EXPECT().Migrate(ctx), - ownerDNSRecord.EXPECT().WaitMigrate(ctx), - ) - Expect(b.MigrateOrDestroyOwnerDNSResources(ctx)).To(Succeed()) - }) - - It("should delete the owner DNSRecord resource if owner checks are disabled", func() { - gomock.InOrder( - ownerDNSRecord.EXPECT().Destroy(ctx), - ownerDNSRecord.EXPECT().WaitCleanup(ctx), - ) - Expect(b.MigrateOrDestroyOwnerDNSResources(ctx)).To(Succeed()) - }) - }) -}) 
diff --git a/pkg/operation/shoot/shoot.go b/pkg/operation/shoot/shoot.go index bac6e624a80..f1c8232498a 100644 --- a/pkg/operation/shoot/shoot.go +++ b/pkg/operation/shoot/shoot.go @@ -355,7 +355,6 @@ func (s *Shoot) GetDNSRecordComponentsForMigration() []component.DeployMigrateWa s.Components.Extensions.IngressDNSRecord, s.Components.Extensions.ExternalDNSRecord, s.Components.Extensions.InternalDNSRecord, - s.Components.Extensions.OwnerDNSRecord, } } diff --git a/pkg/operation/shoot/types.go b/pkg/operation/shoot/types.go index 04249e2a84e..c4300b762ed 100644 --- a/pkg/operation/shoot/types.go +++ b/pkg/operation/shoot/types.go @@ -142,7 +142,6 @@ type Extensions struct { ExternalDNSRecord dnsrecord.Interface InternalDNSRecord dnsrecord.Interface IngressDNSRecord dnsrecord.Interface - OwnerDNSRecord dnsrecord.Interface Extension extension.Interface Infrastructure infrastructure.Interface Network component.DeployMigrateWaiter diff --git a/pkg/registry/core/seed/strategy.go b/pkg/registry/core/seed/strategy.go index e581e565eae..74d1bc237b6 100644 --- a/pkg/registry/core/seed/strategy.go +++ b/pkg/registry/core/seed/strategy.go @@ -111,6 +111,14 @@ func (Strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorLis // validation has succeeded but before the object has been persisted. // This method may mutate the object. func (Strategy) Canonicalize(obj runtime.Object) { + seed := obj.(*core.Seed) + dropOwnerChecksField(seed) +} + +func dropOwnerChecksField(seed *core.Seed) { + if seed.Spec.Settings != nil && seed.Spec.Settings.OwnerChecks != nil { + seed.Spec.Settings.OwnerChecks = nil + } } // AllowCreateOnUpdate returns true if the object can be created by a PUT. diff --git a/pkg/registry/core/seed/strategy_test.go b/pkg/registry/core/seed/strategy_test.go index 596304f3c5e..f6689294870 100644 --- a/pkg/registry/core/seed/strategy_test.go +++ b/pkg/registry/core/seed/strategy_test.go 
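Review bot: `dropOwnerChecksField` in the `strategy.go` hunk has no comment explaining why a client-supplied value is discarded. Since `Canonicalize` runs after validation, the API accepts `ownerChecks` and then persists the object without it, with no signal to the caller. A doc comment would make that intent auditable, for example `// dropOwnerChecksField clears the deprecated, no-op spec.settings.ownerChecks so that it is no longer persisted.`, with a `// TODO:` naming the release in which the field leaves the API. The inner `OwnerChecks != nil` test is redundant, because assigning nil to an already nil pointer changes nothing; `if seed.Spec.Settings != nil { seed.Spec.Settings.OwnerChecks = nil }` is enough.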
@@ -124,4 +124,46 @@ var _ = Describe("Strategy", func() { }) }) }) + + Describe("#Canonicalize", func() { + var seed *core.Seed + + BeforeEach(func() { + seed = &core.Seed{} + }) + + Context("ownerChecks field", func() { + It("should drop the ownerChecks field when the settings is not nil", func() { + seed.Spec.Settings = &core.SeedSettings{ + OwnerChecks: &core.SeedSettingOwnerChecks{ + Enabled: false, + }, + } + + strategy.Canonicalize(seed) + + Expect(seed.Spec.Settings.OwnerChecks).To(BeNil()) + + }) + + It("should do nothing when settings is nil", func() { + oldSeed := seed.DeepCopy() + + strategy.Canonicalize(seed) + + Expect(oldSeed).To(Equal(seed)) + }) + + It("should do nothing when ownerChecks is nil", func() { + seed.Spec.Settings = &core.SeedSettings{ + OwnerChecks: nil, + } + oldSeed := seed.DeepCopy() + + strategy.Canonicalize(seed) + + Expect(oldSeed).To(Equal(seed)) + }) + }) + }) }) diff --git a/test/e2e/gardener/managedseed/create_rotate_delete.go b/test/e2e/gardener/managedseed/create_rotate_delete.go index dfea48f493b..9b1626b3329 100644 --- a/test/e2e/gardener/managedseed/create_rotate_delete.go +++ b/test/e2e/gardener/managedseed/create_rotate_delete.go @@ -259,9 +259,6 @@ func buildManagedSeed(shoot *gardencorev1beta1.Shoot) (*seedmanagementv1alpha1.M ExcessCapacityReservation: &gardencorev1beta1.SeedSettingExcessCapacityReservation{ Enabled: false, }, - OwnerChecks: &gardencorev1beta1.SeedSettingOwnerChecks{ - Enabled: false, - }, Scheduling: &gardencorev1beta1.SeedSettingScheduling{ Visible: false, }, diff --git a/test/integration/gardenlet/controllerinstallation/controllerinstallation/controllerinstallation_test.go b/test/integration/gardenlet/controllerinstallation/controllerinstallation/controllerinstallation_test.go index b74a2d1650d..89f09843807 100644 --- a/test/integration/gardenlet/controllerinstallation/controllerinstallation/controllerinstallation_test.go 
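Review bot: The new `#Canonicalize` cases in the `strategy_test.go` hunk only ever set `Enabled: false`, so nothing pins the case that matters for the deprecation, a client still sending `ownerChecks.enabled: true`. A case with `Enabled: true` that asserts `Expect(seed.Spec.Settings.OwnerChecks).To(BeNil())` would cover it, ideally with a second setting populated to show that only `OwnerChecks` is cleared. Whether validation still rejects `true` before `Canonicalize` is reached is not visible here. In the two "should do nothing" cases the matcher arguments are reversed; `Expect(seed).To(Equal(oldSeed))` puts the value under test first so the failure output reads correctly. The enclosing `Describe("Strategy", ...)` block starts outside the hunk.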
+++ b/test/integration/gardenlet/controllerinstallation/controllerinstallation/controllerinstallation_test.go @@ -280,8 +280,6 @@ var _ = Describe("ControllerInstallation controller tests", func() { enabled: true excessCapacityReservation: enabled: true - ownerChecks: - enabled: false scheduling: visible: true topologyAwareRouting: