Skip to content

chore: add remove-finalizers hook and update module-sdk to v0.7.0#44

Merged
duckhawk merged 8 commits intomainfrom
chore/remove-finalizers-hook-and-module-sdk-update
Feb 27, 2026
Merged

chore: add remove-finalizers hook and update module-sdk to v0.7.0#44
duckhawk merged 8 commits intomainfrom
chore/remove-finalizers-hook-and-module-sdk-update

Conversation

@duckhawk
Copy link
Member

@duckhawk duckhawk commented Feb 26, 2026
edited
Loading

Description

Unify the module delete hook (030-remove-finalizers-on-module-delete) and update module-sdk to v0.7.0.

Changes:

  • Renamed hook from 030-remove-sc-and-secrets-on-module-delete to 030-remove-finalizers-on-module-delete
  • Unified hook logic: removes finalizers from Secrets, ConfigMaps in module namespace; StorageClass (if controller creates them); all CR resources from module's crd folder
  • Updated module-sdk from v0.2.0 to v0.7.0
  • Added CRGVKsForFinalizerRemoval and WebhookConfigurationsToDelete to consts

Build fixes (commit 2):

  • Updated sds-common-lib to v0.0.0-20250428090414-0c2938b30fa7 (new kubeclient API without kubeconfigPath)
  • Fixed go.sum for module-sdk v0.7.0 (go mod tidy)
  • Added sds-common-lib and kubernetes-csi/external-snapshotter deps for sds-* and snapshot-controller modules

Gitleaks (commit 3):

  • Added .gitleaks.toml with allowlist for known false positives (docs, patches, test files)
  • For csi-ceph: replaced Ceph userKey example in docs with placeholder

Why do we need it, and what problem does it solve?

  • Ensures clean module deletion by removing finalizers that block resource deletion
  • Aligns all CSI/SDS modules with the same hook implementation
  • Updates module-sdk to the current version for compatibility and security
  • Enables secret scanning with gitleaks while filtering false positives

What is the expected result?

  • Module can be deleted without resources stuck in Terminating state due to finalizers
  • All modules use consistent finalizer removal logic
  • go build ./... in hooks/go passes for all modules
  • gitleaks detect passes for all modules

Checklist

  • The code is covered by unit tests. (N/A - hook logic)
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

@duckhawk
chore: add 030-remove-finalizers-on-module-delete hook and update mod…
b95c37e 
…ule-sdk to v0.7.0

- Add hook 030-remove-finalizers-on-module-delete
- Hook logic: remove finalizers from Secrets, ConfigMaps, StorageClass (if controller creates), CRs from crd folder
- Update module-sdk from v0.2.0 to v0.7.0 (where applicable)
- Add CRGVKsForFinalizerRemoval and WebhookConfigurationsToDelete to consts
@duckhawk
fix: add sds-common-lib and deps for remove-finalizers hook build
2ada3fe 
- Add github.com/deckhouse/sds-common-lib v0.0.0-20250428090414-0c2938b30fa7
- Add github.com/kubernetes-csi/external-snapshotter/client/v8
- Add k8s.io/api, k8s.io/apiextensions-apiserver, k8s.io/client-go
@duckhawk
chore: add gitleaks config with allowlist for false positives
b7154a1
@duckhawk duckhawk self-assigned this Feb 26, 2026
@duckhawk duckhawk merged commit 4d8ebf0 into main Feb 27, 2026
12 checks passed
@duckhawk duckhawk deleted the chore/remove-finalizers-hook-and-module-sdk-update branch February 27, 2026 11:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@krpsh123 krpsh123 krpsh123 approved these changes

Assignees

@duckhawk duckhawk

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@duckhawk @krpsh123