Create the cluster namespace when a hub is imported by a global hub

mprahl · openshift-merge-robot · commit 21c01f09f46b · 2023-09-27T13:26:34.000-04:00
When syncPoliciesOnMulticlusterHub is true, it's indicating that the hub is imported by a global hub. The namespace must be created on the hub to sync policies from the global hub. The namespace also needs to be cleaned up when uninstalled, so the clean up pod is now enabled in this scenario too. Relates: https://issues.redhat.com/browse/ACM-7655 Signed-off-by: mprahl <mprahl@users.noreply.github.com>
diff --git a/pkg/addon/policyframework/manifests/managedclusterchart/templates/cleanup_pod.yaml b/pkg/addon/policyframework/manifests/managedclusterchart/templates/cleanup_pod.yaml
@@ -1,6 +1,6 @@
 # Copyright Contributors to the Open Cluster Management project
 
-{{- if or (not .Values.onMulticlusterHub) (eq .Values.installMode "Hosted") }}
+{{- if or (not .Values.onMulticlusterHub) (eq .Values.installMode "Hosted") (.Values.args.syncPoliciesOnMulticlusterHub) }}
 apiVersion: v1
 kind: Pod
 metadata:
diff --git a/pkg/addon/policyframework/manifests/managedclusterchart/templates/namespace.yaml b/pkg/addon/policyframework/manifests/managedclusterchart/templates/namespace.yaml
@@ -1,6 +1,6 @@
 # Copyright Contributors to the Open Cluster Management project
 
-{{- if and (not .Values.onMulticlusterHub) (ne .Values.installMode "Hosted") }}
+{{- if or (and (not .Values.onMulticlusterHub) (ne .Values.installMode "Hosted")) (and .Values.onMulticlusterHub .Values.args.syncPoliciesOnMulticlusterHub) }}
 apiVersion: v1
 kind: Namespace
 metadata:
diff --git a/test/e2e/case1_framework_deployment_test.go b/test/e2e/case1_framework_deployment_test.go
@@ -331,13 +331,6 @@ var _ = Describe("Test framework deployment", func() {
 			cluster.clusterName,
 			"policy.open-cluster-management.io/sync-policies-on-multicluster-hub=true",
 		)
-		DeferCleanup(
-			Kubectl,
-			"annotate",
-			"ManagedCluster",
-			cluster.clusterName,
-			"policy.open-cluster-management.io/sync-policies-on-multicluster-hub-",
-		)
 
 		// This is a hack to trigger a reconcile.
 		Kubectl(
@@ -347,8 +340,11 @@ var _ = Describe("Test framework deployment", func() {
 			"ManagedClusterAddOn",
 			case1ManagedClusterAddOnName,
 			"trigger-reconcile="+time.Now().Format(time.RFC3339),
+			"--overwrite",
 		)
 
+		By(logPrefix + "verifying that the spec sync is not disabled")
+
 		Eventually(func(g Gomega) {
 			deploy = GetWithTimeout(
 				cluster.clusterClient, gvrDeployment, case1DeploymentName, addonNamespace, true, 60,
@@ -365,6 +361,52 @@ var _ = Describe("Test framework deployment", func() {
 				g.Expect(arg).ToNot(Equal("--disable-spec-sync=true"))
 			}
 		}, 60, 5).Should(Succeed())
+
+		By(logPrefix + "cleaning up")
+
+		Kubectl("annotate", "-n", cluster.clusterName, "-f", case1ManagedClusterAddOnCR, "policy-addon-pause=true")
+
+		// This is hacky but this sets the ManifestWork to orphan everything so that we can remove the
+		// policy.open-cluster-management.io/sync-policies-on-multicluster-hub annotation and not have it delete
+		// the cluster namespace. This will get reset to SelectivelyOrphan when the addon controller is reconciled
+		// below.
+		Eventually(func(g Gomega) {
+			mw := GetWithTimeout(clientDynamic, gvrManifestWork, case1MWName, cluster.clusterName, true, 15)
+
+			err := unstructured.SetNestedField(mw.Object, "Orphan", "spec", "deleteOption", "propagationPolicy")
+			g.Expect(err).ToNot(HaveOccurred())
+
+			_, err = cluster.clusterClient.Resource(gvrManifestWork).Namespace(cluster.clusterName).Update(
+				context.TODO(), mw, metav1.UpdateOptions{},
+			)
+			g.Expect(err).ToNot(HaveOccurred())
+		}, 30, 5).Should(Succeed())
+
+		Kubectl(
+			"annotate",
+			"ManagedCluster",
+			cluster.clusterName,
+			"policy.open-cluster-management.io/sync-policies-on-multicluster-hub-",
+		)
+
+		Kubectl("annotate", "-n", cluster.clusterName, "-f", case1ManagedClusterAddOnCR, "policy-addon-pause-")
+
+		// Wait for the ManifestWork to be updated to not reference the cluster namespace.
+		Eventually(func(g Gomega) {
+			mw := GetWithTimeout(clientDynamic, gvrManifestWork, case1MWName, cluster.clusterName, true, 15)
+			manifests, _, _ := unstructured.NestedSlice(mw.Object, "spec", "workload", "manifests")
+
+			for _, manifest := range manifests {
+				g.Expect(manifest.(map[string]interface{})["kind"]).ToNot(Equal("Namespace"))
+			}
+		}, 30, 5).Should(Succeed())
+
+		By(logPrefix + "deleting the managedclusteraddon")
+		Kubectl("delete", "-n", cluster.clusterName, "-f", case1ManagedClusterAddOnCR, "--timeout=90s")
+		deploy = GetWithTimeout(
+			cluster.clusterClient, gvrDeployment, case1DeploymentName, addonNamespace, false, 30,
+		)
+		Expect(deploy).To(BeNil())
 	})
 
 	It("should use the onMulticlusterHub value set in the custom annotation", func() {
