openshift · alvlkov · Dec 13, 2024 · Dec 13, 2024 · Apr 7, 2025 · Apr 7, 2025
diff --git a/scripts/CEE/delete-pod/README.md b/scripts/CEE/delete-pod/README.md
@@ -0,0 +1,23 @@
+# Delete Openshift Pod Script
+
+## Purpose
+
+This script is designed to delete a pod from OpenShift cluster core namespace.
+
+## Usage
+
+Parameters:
+- POD_NAME: Name of pod to delete.
+- NAMESPACE: Namespace name where por to delete is running, must start with openshift-*.
+- FLAGS: Optional flags, currently only accepts --force.
+
+```bash
+ocm backplane managedjob create CEE/delete-pod -p POD_NAME: dns-default-h7l2w -p NAMESPACE=openshift-dns -p FLAGS="--force"
+```
+
+## Important Notes
+
+- The script utilizes the `oc` command-line tool, and the user running the script should have the necessary permissions to access the cluster.
+- Ensure that the required tools (`oc`) are available in the environment where the script is executed.
+- The script requires pod to be bound to a replicaset. Otherwise pod cannot be deleted.
+- The script provides force flag to bypass replicaset check.
diff --git a/scripts/CEE/delete-pod/metadata.yaml b/scripts/CEE/delete-pod/metadata.yaml
@@ -0,0 +1,31 @@
+file: script.sh
+name: delete-pod
+shortDescription: Deletes a pod from openshift namespace 
+description: Deletes a single pod from openshift's reserved namespace. 
+author: Alex Volkov
+allowedGroups:
+  - SREP
+  - MCSTierTwo
+rbac:
+  clusterRoleRules:
+    - apiGroups:
+        - ""
+      resources:
+        - "pods"
+      verbs:
+        - "delete"
+        - "get"
+
+envs:
+- key: POD_NAME
+  description: Name of the pod to delete
+  optional: false
+- key: NAMESPACE
+  description: Namespace name where pod to delete is running, must start with openshift-*
+  optional: false
+- key: FLAGS
+  description: Flag to bypass ReplicaSet validation
+  optional: true
+
+language: bash
+customerDataAccess: false
diff --git a/scripts/CEE/delete-pod/script.sh b/scripts/CEE/delete-pod/script.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+set -e
+set -o errexit
+set -o nounset
+set -o pipefail
+
+## Input validation
+if ! declare -p FLAGS &>/dev/null || [[ -z "${FLAGS}" ]]; then
+  FLAGS=""
+fi
+
+# If --force is in FLAGS, set FORCE_FLAG to true
+FORCE_FLAG=false
+if [[ "$FLAGS" =~ --force ]]; then
+  FORCE_FLAG=true
+fi
+
+if [[ -z "${POD_NAME:-}" ]]; then
+    echo 'Variable POD_NAME cannot be blank'
+    exit 1
+fi
+
+if [[ -z "${NAMESPACE:-}" ]]; then
+    echo 'Variable NAMESPACE cannot be blank'
+    exit 1
+fi
+
+### Check namespace is "openshift-*"
+if [[ ! "$NAMESPACE" =~ ^openshift-.*$ ]]; then
+  echo "The namespace must start with 'openshift-'"
+  exit 1
+fi
+
+## Validate if pod is owned by a replicaset
+check_owned_by_replicaset(){
+  echo -e "\n[INFO] Checking replicaset owning the pod \"${POD_NAME}\" from \"${NAMESPACE}\" namespace."
+
+  local owner_kind
+  owner_kind=$(oc get pod "$POD_NAME" -n "$NAMESPACE" -o jsonpath='{.metadata.ownerReferences[0].kind}' 2>/dev/null || echo "")  
+
+  if [[ "$owner_kind" == "ReplicaSet" ]]; then
+    echo "[INFO] Pod '${POD_NAME}' is owned by a ReplicaSet."
+  else
+    echo "[WARN] Pod '${POD_NAME}' is not owned by a ReplicaSet."
+
+    if [[ "$FORCE_FLAG" != true ]]; then
+      echo "[ERROR] Deletion blocked. Use --force to override." >&2
+      exit 1
+    else
+      echo "[INFO] --force flag detected. Proceeding with deletion."
+    fi
+  fi
+}
+
+## Delete pod
+delete_pod(){
+  echo -e "\n[INFO] Deleting pod \"${POD_NAME}\" from \"${NAMESPACE}\" namespace."
+  oc delete pod "$POD_NAME" -n "$NAMESPACE"
+
+  if [ $? -eq 0 ]; then
+    echo -e "\n[SUCCESS] Pod '$POD_NAME' successfully deleted from namespace '$NAMESPACE'."
+  else
+    echo -e "\n[ERROR] Failed to delete pod '$POD_NAME' from namespace '$NAMESPACE'."
+  fi
+}
+
+main(){
+  check_owned_by_replicaset
+  delete_pod
+}
+
+main