feat: Add VPC and Subnet retention and adoption

This commit introduces a retention policy for LinodeVPC resources,
allowing users to prevent the deletion of VPCs and their subnets
when the corresponding Kubernetes object is deleted.

Key features:
- A `retain` boolean field has been added to both `LinodeVPCSpec`
  and `VPCSubnetCreateOptions`.
- A new `--enable-subnet-deletion` controller flag allows for the
  deletion of unretained subnets within a retained VPC. This is
  disabled by default to prevent accidental data loss.
- The VPC reconciler now supports adopting existing VPCs and their
  subnets by matching labels. If a subnet from the spec is not
  found in the existing VPC, it will be created.

Comprehensive unit tests have been added in isolated test suites
to cover these new behaviors.

Author: komer3

api/v1alpha2/linodevpc_types.go

@@ -38,6 +38,13 @@ type LinodeVPCSpec struct {
 	// +optional
 	Subnets []VPCSubnetCreateOptions `json:"subnets,omitempty"`
 
+	// Retain allows you to keep the VPC after the LinodeVPC object is deleted.
+	// This is useful if you want to use an existing VPC that was not created by this controller.
+	// If set to true, the controller will not delete the VPC resource in Linode.
+	// Defaults to false.
+	// +optional
+	Retain *bool `json:"retain,omitempty"`
+
 	// CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this VPC. If not
 	// supplied then the credentials of the controller will be used.
 	// +optional
@@ -55,6 +62,11 @@ type VPCSubnetCreateOptions struct {
 	// SubnetID is subnet id for the subnet
 	// +optional
 	SubnetID int `json:"subnetID,omitempty"`
+	// Retain allows you to keep the Subnet after the LinodeVPC object is deleted.
+	// This is only applicable when the parent VPC has RetainVPC set to true and the
+	// --enable-subnet-deletion flag is enabled on the controller.
+	// +optional
+	Retain *bool `json:"retain,omitempty"`
 }
 
 // LinodeVPCStatus defines the observed state of LinodeVPC

api/v1alpha2/zz_generated.deepcopy.go

@@ -63,6 +63,8 @@ type LinodeVPCClient interface {
 	ListVPCs(ctx context.Context, opts *linodego.ListOptions) ([]linodego.VPC, error)
 	CreateVPC(ctx context.Context, opts linodego.VPCCreateOptions) (*linodego.VPC, error)
 	DeleteVPC(ctx context.Context, vpcID int) error
+	CreateVPCSubnet(ctx context.Context, opts linodego.VPCSubnetCreateOptions, vpcID int) (*linodego.VPCSubnet, error)
+	DeleteVPCSubnet(ctx context.Context, vpcID, subnetID int) error
 }
 
 // LinodeNodeBalancerClient defines the methods that interact with Linode's Node Balancer service.

clients/clients.go

@@ -88,6 +88,7 @@ type flagVars struct {
 	linodeVPCConcurrency                 int
 	linodePlacementGroupConcurrency      int
 	linodeFirewallConcurrency            int
+	enableSubnetDeletion                 bool
 }
 
 func init() {
@@ -152,6 +153,7 @@ func parseFlags() (flags flagVars, opts zap.Options) {
 	flag.IntVar(&flags.linodeVPCConcurrency, "linodevpc-concurrency", concurrencyDefault, "Number of LinodeVPCs to process simultaneously")
 	flag.IntVar(&flags.linodePlacementGroupConcurrency, "linodeplacementgroup-concurrency", concurrencyDefault, "Number of Linode Placement Groups to process simultaneously")
 	flag.IntVar(&flags.linodeFirewallConcurrency, "linodefirewall-concurrency", concurrencyDefault, "Number of Linode Firewall to process simultaneously")
+	flag.BoolVar(&flags.enableSubnetDeletion, "enable-subnet-deletion", false, "Enable the deletion of subnets in a retained VPC.")
 
 	opts = zap.Options{Development: true}
 	opts.BindFlags(flag.CommandLine)
@@ -293,10 +295,11 @@ func setupControllers(mgr manager.Manager, flags flagVars, linodeClientConfig, d
 
 	// LinodeVPC Controller
 	if err := (&controller.LinodeVPCReconciler{
-		Client:             mgr.GetClient(),
-		Recorder:           mgr.GetEventRecorderFor("LinodeVPCReconciler"),
-		WatchFilterValue:   flags.clusterWatchFilter,
-		LinodeClientConfig: linodeClientConfig,
+		Client:               mgr.GetClient(),
+		Recorder:             mgr.GetEventRecorderFor("LinodeVPCReconciler"),
+		WatchFilterValue:     flags.clusterWatchFilter,
+		LinodeClientConfig:   linodeClientConfig,
+		EnableSubnetDeletion: flags.enableSubnetDeletion,
 	}).SetupWithManager(mgr, crcontroller.Options{MaxConcurrentReconciles: flags.linodeVPCConcurrency}); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "LinodeVPC")
 		os.Exit(1)

cmd/main.go

@@ -72,6 +72,13 @@ spec:
                 x-kubernetes-validations:
                 - message: Value is immutable
                   rule: self == oldSelf
+              retain:
+                description: |-
+                  Retain allows you to keep the VPC after the LinodeVPC object is deleted.
+                  This is useful if you want to use an existing VPC that was not created by this controller.
+                  If set to true, the controller will not delete the VPC resource in Linode.
+                  Defaults to false.
+                type: boolean
               subnets:
                 items:
                   description: VPCSubnetCreateOptions defines subnet options
@@ -82,6 +89,12 @@ spec:
                       maxLength: 63
                       minLength: 3
                       type: string
+                    retain:
+                      description: |-
+                        Retain allows you to keep the Subnet after the LinodeVPC object is deleted.
+                        This is only applicable when the parent VPC has RetainVPC set to true and the
+                        --enable-subnet-deletion flag is enabled on the controller.
+                      type: boolean
                     subnetID:
                       description: SubnetID is subnet id for the subnet
                       type: integer

config/crd/bases/infrastructure.cluster.x-k8s.io_linodevpcs.yaml

@@ -1059,6 +1059,7 @@ _Appears in:_
 | `description` _string_ |  |  |  |
 | `region` _string_ |  |  |  |
 | `subnets` _[VPCSubnetCreateOptions](#vpcsubnetcreateoptions) array_ |  |  |  |
+| `retain` _boolean_ | Retain allows you to keep the VPC after the LinodeVPC object is deleted.<br />This is useful if you want to use an existing VPC that was not created by this controller.<br />If set to true, the controller will not delete the VPC resource in Linode.<br />Defaults to false. |  |  |
 | `credentialsRef` _[SecretReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#secretreference-v1-core)_ | CredentialsRef is a reference to a Secret that contains the credentials to use for provisioning this VPC. If not<br />supplied then the credentials of the controller will be used. |  |  |
 
 
@@ -1217,5 +1218,6 @@ _Appears in:_
 | `label` _string_ |  |  | MaxLength: 63 <br />MinLength: 3 <br /> |
 | `ipv4` _string_ |  |  |  |
 | `subnetID` _integer_ | SubnetID is subnet id for the subnet |  |  |
+| `retain` _boolean_ | Retain allows you to keep the Subnet after the LinodeVPC object is deleted.<br />This is only applicable when the parent VPC has RetainVPC set to true and the<br />--enable-subnet-deletion flag is enabled on the controller. |  |  |
 
 

docs/src/reference/out.md

@@ -54,10 +54,11 @@ import (
 // LinodeVPCReconciler reconciles a LinodeVPC object
 type LinodeVPCReconciler struct {
 	client.Client
-	Recorder           record.EventRecorder
-	LinodeClientConfig scope.ClientConfig
-	WatchFilterValue   string
-	ReconcileTimeout   time.Duration
+	Recorder             record.EventRecorder
+	LinodeClientConfig   scope.ClientConfig
+	WatchFilterValue     string
+	EnableSubnetDeletion bool
+	ReconcileTimeout     time.Duration
 }
 
 // +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=linodevpcs,verbs=get;list;watch;create;update;patch;delete
@@ -293,6 +294,35 @@ func (r *LinodeVPCReconciler) reconcileUpdate(ctx context.Context, logger logr.L
 func (r *LinodeVPCReconciler) reconcileDelete(ctx context.Context, logger logr.Logger, vpcScope *scope.VPCScope) (ctrl.Result, error) {
 	logger.Info("deleting VPC")
 
+	if vpcScope.LinodeVPC.Spec.Retain != nil && *vpcScope.LinodeVPC.Spec.Retain {
+		logger.Info("VPC has retain flag, skipping VPC deletion")
+
+		if r.EnableSubnetDeletion && vpcScope.LinodeVPC.Spec.VPCID != nil {
+			logger.Info("subnet deletion enabled, checking subnets")
+			vpc, err := vpcScope.LinodeClient.GetVPC(ctx, *vpcScope.LinodeVPC.Spec.VPCID)
+			if err != nil {
+				if util.IgnoreLinodeAPIError(err, http.StatusNotFound) != nil {
+					return ctrl.Result{}, err
+				}
+			}
+			if vpc != nil {
+				for _, subnet := range vpcScope.LinodeVPC.Spec.Subnets {
+					if subnet.Retain != nil && *subnet.Retain {
+						continue
+					}
+
+					logger.Info("deleting subnet", "subnetID", subnet.SubnetID)
+					if err := vpcScope.LinodeClient.DeleteVPCSubnet(ctx, *vpcScope.LinodeVPC.Spec.VPCID, subnet.SubnetID); util.IgnoreLinodeAPIError(err, http.StatusNotFound) != nil {
+						return ctrl.Result{}, err
+					}
+				}
+			}
+		}
+
+		controllerutil.RemoveFinalizer(vpcScope.LinodeVPC, infrav1alpha2.VPCFinalizer)
+		return ctrl.Result{}, nil
+	}
+
 	if vpcScope.LinodeVPC.Spec.VPCID != nil {
 		vpc, err := vpcScope.LinodeClient.GetVPC(ctx, *vpcScope.LinodeVPC.Spec.VPCID)
 		if util.IgnoreLinodeAPIError(err, http.StatusNotFound) != nil {

internal/controller/linodevpc_controller.go

@@ -55,7 +55,32 @@ func reconcileVPC(ctx context.Context, vpcScope *scope.VPCScope, logger logr.Log
 	} else if len(vpcs) != 0 {
 		// Labels are unique
 		vpcScope.LinodeVPC.Spec.VPCID = &vpcs[0].ID
-		updateVPCSpecSubnets(vpcScope, &vpcs[0])
+
+		// build a map of existing subnets to easily check for existence
+		existingSubnets := make(map[string]int)
+		for _, subnet := range vpcs[0].Subnets {
+			existingSubnets[subnet.Label] = subnet.ID
+		}
+
+		// adopt or create subnets
+		for i, subnet := range vpcScope.LinodeVPC.Spec.Subnets {
+			if subnet.SubnetID != 0 {
+				continue
+			}
+			if id, ok := existingSubnets[subnet.Label]; ok {
+				vpcScope.LinodeVPC.Spec.Subnets[i].SubnetID = id
+			} else {
+				createSubnetConfig := linodego.VPCSubnetCreateOptions{
+					Label: subnet.Label,
+					IPv4:  subnet.IPv4,
+				}
+				newSubnet, err := vpcScope.LinodeClient.CreateVPCSubnet(ctx, createSubnetConfig, *vpcScope.LinodeVPC.Spec.VPCID)
+				if err != nil {
+					return err
+				}
+				vpcScope.LinodeVPC.Spec.Subnets[i].SubnetID = newSubnet.ID
+			}
+		}
 
 		return nil
 	}