wip

Signed-off-by: Attila Mészáros <a_meszaros@apple.com>

Author: csviri

sample-operators/controller-namespace-deletion/k8s/operator.yaml

@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: operator
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: operator
+spec:
+  serviceAccountName: operator
+  containers:
+    - name: operator
+      image: controller-namespace-deletion-operator
+      imagePullPolicy: Never
+      env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+  terminationGracePeriodSeconds: 30
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: operator
+  finalizers:
+    - controller.deletion/finalizer
+subjects:
+  - kind: ServiceAccount
+    name: operator
+roleRef:
+  kind: Role
+  name: operator
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: operator
+  finalizers:
+    - controller.deletion/finalizer
+rules:
+  - apiGroups:
+      - "apiextensions.k8s.io"
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - '*'
+  - apiGroups:
+      - "namespacedeletion.io"
+    resources:
+      - controllernamespacedeletioncustomresources
+      - controllernamespacedeletioncustomresources/status
+    verbs:
+      - '*'
+

sample-operators/controller-namespace-deletion/pom.xml

@@ -77,7 +77,7 @@
             <image>gcr.io/distroless/java17-debian11</image>
           </from>
           <to>
-            <image>leader-election-operator</image>
+            <image>controller-namespace-deletion-operator</image>
           </to>
         </configuration>
       </plugin>

sample-operators/controller-namespace-deletion/src/main/java/io/javaoperatorsdk/operator/sample/ControllerNamespaceDeletionCustomResource.java

@@ -1,12 +1,14 @@
 package io.javaoperatorsdk.operator.sample;
 
+import io.fabric8.kubernetes.api.model.Namespaced;
 import io.fabric8.kubernetes.client.CustomResource;
 import io.fabric8.kubernetes.model.annotation.Group;
 import io.fabric8.kubernetes.model.annotation.Version;
 
 @Group("namespacedeletion.io")
 @Version("v1")
 public class ControllerNamespaceDeletionCustomResource
-    extends CustomResource<ControllerNamespaceDeletionSpec, ControllerNamespaceDeletionStatus> {
+    extends CustomResource<ControllerNamespaceDeletionSpec, ControllerNamespaceDeletionStatus>
+    implements Namespaced {
 
 }

sample-operators/controller-namespace-deletion/src/main/java/io/javaoperatorsdk/operator/sample/ControllerNamespaceDeletionOperator.java

@@ -1,19 +1,46 @@
 package io.javaoperatorsdk.operator.sample;
 
+import java.time.LocalTime;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import io.fabric8.kubernetes.client.KubernetesClientBuilder;
 import io.javaoperatorsdk.operator.Operator;
+import io.javaoperatorsdk.operator.api.config.ControllerConfigurationOverrider;
+
+import static java.time.temporal.ChronoUnit.SECONDS;
 
 public class ControllerNamespaceDeletionOperator {
 
   private static final Logger log =
       LoggerFactory.getLogger(ControllerNamespaceDeletionOperator.class);
 
   public static void main(String[] args) {
-    Operator operator = new Operator();
 
-    operator.register(new ControllerNamespaceDeletionReconciler());
+    Runtime.getRuntime().addShutdownHook(new Thread(() -> {
+      log.info("Shutting down...");
+      boolean allResourcesDeleted = waitUntilResourcesDeleted();
+      log.info("All resources within timeout: {}", allResourcesDeleted);
+    }));
+
+    Operator operator = new Operator();
+    operator.register(new ControllerNamespaceDeletionReconciler(),
+        ControllerConfigurationOverrider::watchingOnlyCurrentNamespace);
     operator.start();
   }
+
+  private static boolean waitUntilResourcesDeleted() {
+    try (var client = new KubernetesClientBuilder().build()) {
+      var startTime = LocalTime.now();
+      while (startTime.until(LocalTime.now(), SECONDS) < 30) {
+        var items =
+            client.resources(ControllerNamespaceDeletionCustomResource.class).list().getItems();
+        if (items.isEmpty()) {
+          return true;
+        }
+      }
+      return false;
+    }
+  }
 }

sample-operators/controller-namespace-deletion/src/test/java/io/javaoperatorsdk/operator/sample/ControllerNamespaceDeletionE2E.java

@@ -0,0 +1,140 @@
+package io.javaoperatorsdk.operator.sample;
+
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.time.Duration;
+import java.util.List;
+import java.util.UUID;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import io.fabric8.kubernetes.api.model.HasMetadata;
+import io.fabric8.kubernetes.api.model.NamespaceBuilder;
+import io.fabric8.kubernetes.api.model.ObjectMetaBuilder;
+import io.fabric8.kubernetes.api.model.rbac.RoleBinding;
+import io.fabric8.kubernetes.client.ConfigBuilder;
+import io.fabric8.kubernetes.client.KubernetesClient;
+import io.fabric8.kubernetes.client.KubernetesClientBuilder;
+
+import static io.javaoperatorsdk.operator.junit.AbstractOperatorExtension.CRD_READY_WAIT;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.awaitility.Awaitility.await;
+
+
+class ControllerNamespaceDeletionE2E {
+
+  private static final Logger log = LoggerFactory.getLogger(ControllerNamespaceDeletionE2E.class);
+
+  public static final String TEST_RESOURCE_NAME = "test1";
+  public static final String INITIAL_VALUE = "initial value";
+  public static final String ROLE_ROLE_BINDING_FINALIZER = "controller.deletion/finalizer";
+  public static final String RESOURCE_NAME = "operator";
+
+  String namespace;
+  KubernetesClient client;
+
+  // not for local mode by design
+  // @EnabledIfSystemProperty(named = "test.deployment", matches = "remote")
+  @Test
+  void customResourceCleanedUpOnNamespaceDeletion() {
+    deployController();
+    client.resource(testResource()).serverSideApply();
+
+    await().untilAsserted(() -> {
+      var res = client.resources(ControllerNamespaceDeletionCustomResource.class)
+          .inNamespace(namespace).withName(TEST_RESOURCE_NAME).get();
+      assertThat(res.getStatus()).isNotNull();
+      assertThat(res.getStatus().getValue()).isEqualTo(INITIAL_VALUE);
+    });
+
+    client.namespaces().withName(namespace).delete();
+
+    await().timeout(Duration.ofSeconds(20)).untilAsserted(() -> {
+      var ns = client.resources(ControllerNamespaceDeletionCustomResource.class)
+          .inNamespace(namespace).withName(TEST_RESOURCE_NAME).get();
+      assertThat(ns).isNull();
+    });
+
+    log.info("Removing finalizers from role and role bing");
+    removeRoleAndRoleBindingFinalizers();
+
+    await().untilAsserted(() -> {
+      var ns = client.namespaces().withName(namespace).get();
+      assertThat(ns).isNull();
+    });
+  }
+
+  private void removeRoleAndRoleBindingFinalizers() {
+    var rolebinding =
+        client.rbac().roleBindings().inNamespace(namespace).withName(RESOURCE_NAME).get();
+    rolebinding.getFinalizers().clear();
+    client.resource(rolebinding).update();
+
+    var role = client.rbac().roles().inNamespace(namespace).withName(RESOURCE_NAME).get();
+    role.getFinalizers().clear();
+    client.resource(role).update();
+
+  }
+
+  ControllerNamespaceDeletionCustomResource testResource() {
+    var cr = new ControllerNamespaceDeletionCustomResource();
+    cr.setMetadata(new ObjectMetaBuilder()
+        .withName(TEST_RESOURCE_NAME)
+        .withNamespace(namespace)
+        .build());
+    cr.setSpec(new ControllerNamespaceDeletionSpec());
+    cr.getSpec().setValue(INITIAL_VALUE);
+    return cr;
+  }
+
+
+  @BeforeEach
+  void setup() {
+    namespace = "controller-namespace-" + UUID.randomUUID();
+    client = new KubernetesClientBuilder().withConfig(new ConfigBuilder()
+        .withNamespace(namespace)
+        .build()).build();
+    applyCRD();
+    client.namespaces().resource(new NamespaceBuilder().withNewMetadata().withName(namespace)
+        .endMetadata().build()).create();
+  }
+
+  void deployController() {
+    try {
+      List<HasMetadata> resources = client.load(new FileInputStream("k8s/operator.yaml")).items();
+      resources.forEach(hm -> {
+        hm.getMetadata().setNamespace(namespace);
+        if (hm.getKind().equalsIgnoreCase("rolebinding")) {
+          var crb = (RoleBinding) hm;
+          for (var subject : crb.getSubjects()) {
+            subject.setNamespace(namespace);
+          }
+        }
+      });
+      client.resourceList(resources)
+          .inNamespace(namespace)
+          .createOrReplace();
+
+    } catch (FileNotFoundException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  void applyCRD() {
+    String path =
+        "target/classes/META-INF/fabric8/controllernamespacedeletioncustomresources.namespacedeletion.io-v1.yml";
+    try (InputStream is = new FileInputStream(path)) {
+      final var crd = client.load(is);
+      crd.serverSideApply();
+      Thread.sleep(CRD_READY_WAIT);
+      log.debug("Applied CRD with name: {}", crd.get().get(0).getMetadata().getName());
+    } catch (InterruptedException | IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+}