[feat] Add VPC and Subnet retention and adoption #789
Conversation
This commit introduces a retention policy for LinodeVPC resources, allowing users to prevent the deletion of VPCs and their subnets when the corresponding Kubernetes object is deleted. Key features: - A `retain` boolean field has been added to both `LinodeVPCSpec` and `VPCSubnetCreateOptions`. - A new `--enable-subnet-deletion` controller flag allows for the deletion of unretained subnets within a retained VPC. This is disabled by default to prevent accidental data loss. - The VPC reconciler now supports adopting existing VPCs and their subnets by matching labels. If a subnet from the spec is not found in the existing VPC, it will be created. Comprehensive unit tests have been added in isolated test suites to cover these new behaviors.
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #789 +/- ##
==========================================
- Coverage 63.01% 62.82% -0.19%
==========================================
Files 71 71
Lines 7078 7177 +99
==========================================
+ Hits 4460 4509 +49
- Misses 2362 2401 +39
- Partials 256 267 +11 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| vpcScope.LinodeVPC.Spec.VPCID = &vpcs[0].ID | ||
| updateVPCSpecSubnets(vpcScope, &vpcs[0]) | ||
|
|
||
| // build a map of existing subnets to easily check for existence |
There was a problem hiding this comment.
are existing subnets allowed to have linodes attached to them when we adopt the subnet and vpc for the cluster?
There was a problem hiding this comment.
Yeah they can. I can see a customer wanting multiple clusters in the same VPC subnet. If there are linode in the existing subnet and use want to reuse that subnet, they should use retain flag for that subnet to make sure we don't delete it.
|
Does this mean that in order to adopt a vpc or subnet, the label needs to be provided? Can it still be adopted by just providing the ID at create time of the linodeVPC resource? |
No you don't need to provide the label (just ID will work). If you want, you can provide the label instead of subnetID. That'll go and find a subnet with that label. If not found, it'll create it. |
| ### Running cilium connectivity tests | ||
| One can also run cilium connectivity tests to make sure networking works fine within VPC. Follow the steps defined in [cilium e2e tests](https://docs.cilium.io/en/stable/contributing/testing/e2e/) guide to install cilium binary, set the KUBECONFIG variable and then run `cilium connectivity tests`. | ||
|
|
||
| ``` |
There was a problem hiding this comment.
accidental addition?
There was a problem hiding this comment.
oops yeah let me remove that
There was a problem hiding this comment.
looks like it came back? 🤔
…eteRetainedSubnets to handleRetainedSubnets to better reflect functionality.
rahulait
left a comment
rahulait
left a comment
There was a problem hiding this comment.
Overall, it looks good to me.
…undant logging in handleRetainedSubnets method for improved clarity and maintainability.
…tCreateOptions to ensure consistency in terminology. Refactor VPC fetching logic in LinodeVPCReconciler to improve code clarity and reduce redundancy by introducing a helper function for VPC retrieval.
There was a problem hiding this comment.
Pull Request Overview
This PR introduces VPC and Subnet retention flags plus adoption logic, letting users prevent deletion of existing network resources and adopt them by label.
- Adds
retainfields to API types, CRD schema, and documentation. - Refactors deletion reconciliation into separate helpers for retained vs. non-retained VPCs and subnets.
- Implements adoption by matching labels and creating missing subnets, with corresponding client interface, wrappers, mocks, and tests.
Reviewed Changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| api/v1alpha2/linodevpc_types.go | Added Retain fields to LinodeVPCSpec and subnets |
| config/crd/bases/infrastructure..._linodevpcs.yaml | Schema defaults and docs for retain flags |
| internal/controller/linodevpc_controller.go | Split reconcileDelete into deleteVPCResources and retention handlers |
| internal/controller/linodevpc_controller_helpers.go | New reconcileExistingVPC, getVPC, and subnet adoption logic |
| internal/controller/linodevpc_controller_test.go | Tests covering retention and adoption behaviors |
| docs/src/topics/vpc.md & docs/src/reference/out.md | Documentation for retention and adoption features |
Comments suppressed due to low confidence (3)
docs/src/topics/vpc.md:89
- The text says this behavior is the default, but the field's default is
false. Clarify that users must explicitly setspec.retain: trueto retain the VPC.
- **`spec.retain`**: When set to `true` on the `LinodeVPC`, the VPC itself will not be deleted from Linode. This is the default and recommended behavior when adopting an existing VPC.
internal/controller/linodevpc_controller.go:452
- This log and the subsequent error handling are always executed because they are placed outside the loop's conditional. It should only run when a subnet with attached nodes is found, for example by returning from inside the loop or wrapping this block in an
iftracking that condition.
logger.Info("VPC subnets still has node(s) attached")
What this PR does / why we need it:
This PR introduces a crucial feature for users who want to manage existing Linode VPCs with the Cluster API provider or who need to prevent the controller from deleting VPCs and subnets that are managed externally. It provides more granular control over the lifecycle of network resources.
NOTE: We currently don't have functionality to update predefined/already-created subnets. We only have create/delete operations at the moment.
The new functionality includes:
retainflag on aLinodeVPC. When this flag is set, the controller will not delete the VPC in the Linode API when the Kubernetes object is removed. This allows the VPC to persist beyond the lifecycle of the CAPI cluster.LinodeVPCis marked with theretainflag, the controller will still manage the subnets defined within it. Any subnet that is not also marked with aretainflag will be deleted by the controller during theLinodeVPCdeletion reconciliation. This allows for fine-grained control over which network resources are managed by CAPI.LinodeVPCresource name to an existing VPC's label in the Linode API. It will also adopt any existing subnets within that VPC by matching labels, and create any subnets that are defined in the spec but do not yet exist.Special notes for your reviewer:
This PR introduces several important changes. Please pay close attention to the following areas:
API Changes (
api/v1alpha2/linodevpc_types.go):Retainfields have been added toLinodeVPCSpecandVPCSubnetCreateOptions. Please review the documentation for these fields.Deletion Logic (
internal/controller/linodevpc_controller.go):reconcileDeletefunction contains the core logic for the retention policy. The flow first checks for the VPCretainflag. If the flag is set, it proceeds tohandleRetainedVPC, which will delete any subnets that are part of theLinodeVPCspec and do not have their ownretainflag set. The VPC itself is not deleted.Adoption Logic (
internal/controller/linodevpc_controller_helpers.go):reconcileVPCandreconcileExistingVPChelper functions contain the logic for adopting existing VPCs and subnets by label, and creating new ones if they don't exist. This is a critical piece of the adoption feature.Unit Tests (
internal/controller/linodevpc_controller_test.go):TODOs: