Merge pull request #1282 from dprince/csv_cleanup

Cleanup legacy OLM Subscription & CSVs

Author: openshift-merge-bot[bot]

config/operator/rbac/role.yaml

@@ -103,6 +103,17 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - operators.coreos.com
+  resources:
+  - clusterserviceversions
+  - installplans
+  - operators
+  - subscriptions
+  verbs:
+  - delete
+  - get
+  - list
 - apiGroups:
   - rbac.authorization.k8s.io
   resources:

controllers/operator/openstack_controller.go

@@ -23,6 +23,7 @@ import (
 	"path/filepath"
 	"sort"
 	"strings"
+	"time"
 
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/kubernetes"
@@ -31,6 +32,8 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
+	"k8s.io/apimachinery/pkg/runtime/schema"
+
 	"github.com/go-logr/logr"
 	condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
@@ -41,6 +44,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	uns "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
@@ -58,7 +62,7 @@ type OpenStackReconciler struct {
 
 // GetLog returns a logger object with a prefix of "controller.name" and aditional controller context fields
 func (r *OpenStackReconciler) GetLogger(ctx context.Context) logr.Logger {
-	return log.FromContext(ctx).WithName("Controllers").WithName("OpenStackControlPlane")
+	return log.FromContext(ctx).WithName("Controllers").WithName("OpenStackOperator")
 }
 
 var (
@@ -110,6 +114,7 @@ func SetupEnv() {
 // +kubebuilder:rbac:groups=cert-manager.io,resources=issuers,verbs=get;list;watch;create;update;patch;delete;
 // +kubebuilder:rbac:groups=cert-manager.io,resources=certificates,verbs=get;list;watch;create;update;patch;delete;
 // +kubebuilder:rbac:groups="monitoring.coreos.com",resources=servicemonitors,verbs=list;get;watch;update;create
+// +kubebuilder:rbac:groups=operators.coreos.com,resources=clusterserviceversions;subscriptions;installplans;operators,verbs=get;list;delete;
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
@@ -228,12 +233,10 @@ func (r *OpenStackReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 		return r.reconcileDelete(ctx, instance, openstackHelper)
 	}
 
-	// TODO: cleanup obsolete resources here (remove old CSVs, etc)
-	/*
-	   if err := r.cleanupObsoleteResources(ctx); err != nil {
-	           return ctrl.Result{}, err
-	   }
-	*/
+	// cleanup obsolete resources here (remove old CSVs, etc)
+	if err := r.cleanupObsoleteResources(ctx, instance); err != nil {
+		return ctrl.Result{}, err
+	}
 
 	if err := r.applyManifests(ctx, instance); err != nil {
 		instance.Status.Conditions.Set(condition.FalseCondition(
@@ -245,6 +248,12 @@ func (r *OpenStackReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 		return ctrl.Result{}, err
 	}
 
+	// now that CRDs have been updated (with old olm.managed references removed)
+	// we can finally cleanup the old operators
+	if err := r.postCleanupObsoleteResources(ctx, instance); err != nil {
+		return ctrl.Result{RequeueAfter: time.Duration(5) * time.Second}, err
+	}
+
 	// Check if all deployments are running
 	deploymentsRunning, err := r.countDeployments(ctx, instance)
 	instance.Status.DeployedOperatorCount = &deploymentsRunning
@@ -422,6 +431,198 @@ func (r *OpenStackReconciler) renderAndApply(
 	return nil
 }
 
+func isServiceOperatorResource(name string) bool {
+	//NOTE: test-operator was deployed as a independant package so it may or may not be installed
+	//NOTE: depending on how watcher-operator is released for FR2 and then in FR3 it may need to be
+	// added into this list in the future
+	serviceOperatorNames := []string{"barbican", "cinder", "designate", "glance", "heat", "horizon", "infra",
+		"ironic", "keystone", "manila", "mariadb", "neutron", "nova", "octavia", "openstack-baremetal", "ovn",
+		"placement", "rabbitmq-cluster", "swift", "telemetry", "test"}
+
+	for _, item := range serviceOperatorNames {
+		if strings.Index(name, item) == 0 {
+			return true
+		}
+	}
+	return false
+}
+
+// cleanupObsoleteResources - deletes CSVs and subscriptions
+func (r *OpenStackReconciler) cleanupObsoleteResources(ctx context.Context, instance *operatorv1beta1.OpenStack) error {
+	Log := r.GetLogger(ctx)
+
+	csvGVR := schema.GroupVersionResource{
+		Group:    "operators.coreos.com",
+		Version:  "v1alpha1",
+		Resource: "clusterserviceversions",
+	}
+
+	subscriptionGVR := schema.GroupVersionResource{
+		Group:    "operators.coreos.com",
+		Version:  "v1alpha1",
+		Resource: "subscriptions",
+	}
+
+	installPlanGVR := schema.GroupVersionResource{
+		Group:    "operators.coreos.com",
+		Version:  "v1alpha1",
+		Resource: "installplans",
+	}
+
+	csvList := &uns.UnstructuredList{}
+	csvList.SetGroupVersionKind(csvGVR.GroupVersion().WithKind("ClusterServiceVersion"))
+	err := r.Client.List(ctx, csvList, &client.ListOptions{Namespace: instance.Namespace})
+	if err != nil {
+		return err
+	}
+	for _, csv := range csvList.Items {
+		Log.Info("Found CSV", "name", csv.GetName())
+		if isServiceOperatorResource(csv.GetName()) {
+			err = r.Client.Delete(ctx, &csv)
+			if err != nil {
+				if apierrors.IsNotFound(err) {
+					Log.Info("CSV not found on delete. Continuing...", "name", csv.GetName())
+					continue
+				}
+				return err
+			}
+			Log.Info("CSV deleted successfully", "name", csv.GetName())
+		}
+	}
+
+	subscriptionList := &uns.UnstructuredList{}
+	subscriptionList.SetGroupVersionKind(subscriptionGVR.GroupVersion().WithKind("Subscription"))
+	err = r.Client.List(ctx, subscriptionList, &client.ListOptions{Namespace: instance.Namespace})
+	if err != nil {
+		return err
+	}
+	for _, subscription := range subscriptionList.Items {
+		Log.Info("Found Subscription", "name", subscription.GetName())
+		if isServiceOperatorResource(subscription.GetName()) {
+			err = r.Client.Delete(ctx, &subscription)
+			if err != nil {
+				if apierrors.IsNotFound(err) {
+					Log.Info("Subscription not found on delete. Continuing...", "name", subscription.GetName())
+					continue
+				}
+				return err
+			}
+			Log.Info("Subscription deleted successfully", "name", subscription.GetName())
+		}
+	}
+
+	// lookup the installplan which has the clusterServiceVersionNames we removed above
+	// there will be just a single installPlan that has all of them referenced
+	installPlanList := &uns.UnstructuredList{}
+	installPlanList.SetGroupVersionKind(installPlanGVR.GroupVersion().WithKind("InstallPlan"))
+
+	err = r.Client.List(ctx, installPlanList, &client.ListOptions{Namespace: instance.Namespace})
+	if err != nil {
+		return err
+	}
+	for _, installPlan := range installPlanList.Items {
+		Log.Info("Found installPlan", "name", installPlan.GetName())
+		// this should have a list containing the CSV names of all the old/legacy service operator CSVs
+		csvNames, found, err := uns.NestedSlice(installPlan.Object, "spec", "clusterServiceVersionNames")
+		if err != nil {
+			return err
+		}
+		if found {
+			// just checking for the first one should be sufficient
+			if isServiceOperatorResource(csvNames[0].(string)) {
+				err = r.Client.Delete(ctx, &installPlan)
+				if err != nil {
+					if apierrors.IsNotFound(err) {
+						Log.Info("Installplane not found on delete. Continuing...", "name", installPlan.GetName())
+						continue
+					}
+					return err
+				}
+				Log.Info("Installplan deleted successfully", "name", installPlan.GetName())
+			}
+		}
+	}
+
+	return nil
+
+}
+
+// postCleanupObsoleteResources - deletes CSVs for old service operator bundles
+func (r *OpenStackReconciler) postCleanupObsoleteResources(ctx context.Context, instance *operatorv1beta1.OpenStack) error {
+	Log := r.GetLogger(ctx)
+
+	operatorGVR := schema.GroupVersionResource{
+		Group:    "operators.coreos.com",
+		Version:  "v1",
+		Resource: "operators",
+	}
+
+	// finally we can remove operator objects as all the refs have been cleaned up:
+	// 1) CSVs
+	// 2) Subscriptions
+	// 3) CRD olm.managed references removed
+	// 4) installPlan from old service operators removed
+	operatorList := &uns.UnstructuredList{}
+	operatorList.SetGroupVersionKind(operatorGVR.GroupVersion().WithKind("Operator"))
+	err := r.Client.List(ctx, operatorList, &client.ListOptions{Namespace: instance.Namespace})
+	if err != nil {
+		return err
+	}
+	for _, operator := range operatorList.Items {
+		Log.Info("Found Operator", "name", operator.GetName())
+		if isServiceOperatorResource(operator.GetName()) {
+
+			refs, found, err := uns.NestedSlice(operator.Object, "status", "components", "refs")
+			if err != nil {
+				return err
+			}
+			if found {
+
+				// The horizon-operator.openstack-operators has references to old roles/bindings
+				// the code below will delete those references before continuing
+				for _, ref := range refs {
+					refData := ref.(map[string]interface{})
+					Log.Info("Deleting operator reference", "Reference", ref)
+					obj := uns.Unstructured{}
+					obj.SetName(refData["name"].(string))
+					obj.SetNamespace(refData["namespace"].(string))
+					apiParts := strings.Split(refData["apiVersion"].(string), "/")
+					objGvk := schema.GroupVersionResource{
+						Group:    apiParts[0],
+						Version:  apiParts[1],
+						Resource: refData["kind"].(string),
+					}
+					obj.SetGroupVersionKind(objGvk.GroupVersion().WithKind(refData["kind"].(string)))
+
+					// references from CRD's should be removed before this function is called
+					// but this is a safeguard as we do not want to delete them
+					if refData["kind"].(string) != "CustomResourceDefinition" {
+						err = r.Client.Delete(ctx, &obj)
+						if err != nil {
+							if apierrors.IsNotFound(err) {
+								Log.Info("Object not found on delete. Continuing...", "name", obj.GetName())
+								continue
+							}
+							return err
+						}
+					}
+				}
+
+				return fmt.Errorf("Requeuing/Found references for operator name: %s, refs: %v", operator.GetName(), refs)
+			}
+			// no refs found so we should be able to successfully delete the operator
+			err = r.Client.Delete(ctx, &operator)
+			if err != nil {
+				return err
+			}
+			Log.Info("Operator deleted successfully", "name", operator.GetName())
+		}
+	}
+
+	return nil
+
+}
+
 // SetupWithManager sets up the controller with the Manager.
 func (r *OpenStackReconciler) SetupWithManager(mgr ctrl.Manager) error {
 

hack/export_operator_related_images.sh

@@ -1,23 +1,23 @@
 # NOTE: this file is automatically generated by hack/sync-bindata.sh!
 
-export RELATED_IMAGE_BARBICAN_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/barbican-operator@sha256:e72c46447b50a78e9b0c60884c16fefd07501f4d199a7702126f811c1d13fd28
-export RELATED_IMAGE_CINDER_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/cinder-operator@sha256:b25b8c1d3f786804bd1f0e6e676d5630dc5403ab833a0a76de53068065dbdfbe
-export RELATED_IMAGE_DESIGNATE_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/designate-operator@sha256:1dd77b9c7b0321f80baa4324d333df336aed10ec8fdd04f0edd735fbe1cf5cd5
-export RELATED_IMAGE_GLANCE_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/glance-operator@sha256:27c0b5c7d671ae3b405ea800999e8d1edf01fe91688a3e542011e7f4b09dcacb
-export RELATED_IMAGE_HEAT_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/heat-operator@sha256:68aa95ce80e33704b6052b0ba1c071ff2fe364d220b8d0f5f667724f473bd47d
-export RELATED_IMAGE_HORIZON_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/horizon-operator@sha256:6e292a7c2f7b620ccdf6135cc949d82840db0d2c88440464345fae94d7104c51
-export RELATED_IMAGE_INFRA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/infra-operator@sha256:d4e6e3701328a25c0d6ae0a765cdffb2436387eb07bbb5a57211c67744ba41fe
+export RELATED_IMAGE_BARBICAN_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/barbican-operator@sha256:18980b0f85f4bfbdd41e2c5a05ac9eb3df208ac20f7d4b2f8fe0bb7c438c46d5
+export RELATED_IMAGE_CINDER_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/cinder-operator@sha256:92cd06506f633fbd36e3b0d0e145835304f3f8e197515c90a05974faabe4d491
+export RELATED_IMAGE_DESIGNATE_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/designate-operator@sha256:16e1770edc2c621ac89fdca5a10d8110bd5b43249ad1aa3d0369c1892cb4053f
+export RELATED_IMAGE_GLANCE_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/glance-operator@sha256:3376b637ae0249423be1a8b539b7e7c54a285194fb8a9095062f24a65600c3d5
+export RELATED_IMAGE_HEAT_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/heat-operator@sha256:aa30e36c7cf183f3aa63e90794ea6cb2d191c29cf6825bba19a19e855a8360ed
+export RELATED_IMAGE_HORIZON_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/horizon-operator@sha256:a7fda492ec0dfd798bf1315b6ee828c4febe898aa918b6b0107664d6dcbd6a81
+export RELATED_IMAGE_INFRA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/infra-operator@sha256:73741d7f4e713753311001cbea234ad77c70e834e7c2b03eec2ca37c372a9fcb
 export RELATED_IMAGE_IRONIC_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/ironic-operator@sha256:bad53185041f6003f3f573df9bbf248aa1c47a1060abcb5410201d74bcb08829
-export RELATED_IMAGE_KEYSTONE_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/keystone-operator@sha256:b1a3a9b879758fa42c1fc5acb23d5f6435405a2977504d8cdfa72aaba373955f
-export RELATED_IMAGE_MANILA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/manila-operator@sha256:f33d7eda4988244f7b5a2d84f7054b5e6b70b02aa05aca82455b837a6295a9ab
-export RELATED_IMAGE_MARIADB_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/mariadb-operator@sha256:c8911c5d0eb1797e4440cf095c68e4129bbfc775d216d7a8d0f9cfe0a16f0967
-export RELATED_IMAGE_NEUTRON_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/neutron-operator@sha256:b120ee4d49ff8ab19b89bc68b10f8cbbd6b3bb2cee68c597b591e79be8dce92d
-export RELATED_IMAGE_NOVA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/nova-operator@sha256:e02e1374ce6458d1663c615d07fdaa2f1aad273ef7d94d58121b9a5c4522e8cd
-export RELATED_IMAGE_OCTAVIA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/octavia-operator@sha256:afb2f4458c83ba266815c744aff5bb32301a9510771b93378923af47e0769975
-export RELATED_IMAGE_OPENSTACK_BAREMETAL_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/openstack-baremetal-operator@sha256:919ecaf79f2094441b54972cc1752119b78bff4bd5d1c781083fe4205aeee196
-export RELATED_IMAGE_OVN_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/ovn-operator@sha256:f23d456960ef674272cb4306cffbf7d14b2b340156a145ae7b653255e57d372e
+export RELATED_IMAGE_KEYSTONE_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/keystone-operator@sha256:f5a15209a080f124c2ab9febb2ad9b65af1422d0cd066ec8c6a6abd8e1fd0e84
+export RELATED_IMAGE_MANILA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/manila-operator@sha256:72a1bef77126188f623eeae40b07359f111d720585e13c991c576c36ef5da3a7
+export RELATED_IMAGE_MARIADB_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/mariadb-operator@sha256:9340b805296c23e21833a37afe99e0e139a161d26edcf5c7a7b9a63529516bf0
+export RELATED_IMAGE_NEUTRON_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/neutron-operator@sha256:f9dc32cc86d8320306716e5e99977b9a9b360e2c0fe2b0ea4da440663198b358
+export RELATED_IMAGE_NOVA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/nova-operator@sha256:a373a561a5c99998f6eb4afb5b48350709ca2dd2b127fe3d323baa758eba751d
+export RELATED_IMAGE_OCTAVIA_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/octavia-operator@sha256:fef6a050193789bce817ceff852f4bf4a6f9ffbbd7b59494f1465f1c9d951c11
+export RELATED_IMAGE_OPENSTACK_BAREMETAL_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/openstack-baremetal-operator@sha256:f515dbdddef5cd1c3318ad370d987b2a5a24e10310cdf61f5ff55676264ffd30
+export RELATED_IMAGE_OVN_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/ovn-operator@sha256:b32720841ecf8460dad4a48760915b2bfa16b07156288917d86451a24a5eb7f9
 export RELATED_IMAGE_PLACEMENT_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/placement-operator@sha256:f25a277c9ed1bb6fbe3fd4eb8b71d8a771dc5fc9aff9e0064ced552ba7b5fc9b
 export RELATED_IMAGE_RABBITMQ_CLUSTER_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/rabbitmq-cluster-operator@sha256:225524223bf2a7f3a4ce95958fc9ca6fdab02745fb70374e8ff5bf1ddaceda4b
-export RELATED_IMAGE_SWIFT_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/swift-operator@sha256:c5550d38a452a76cf4c17967bc36b2c722411a2f499366112f9b013918827434
-export RELATED_IMAGE_TELEMETRY_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/telemetry-operator@sha256:fd6325fa52405a28129fdf0bde69429758f053ef58d53bc63756f91906b84cc0
+export RELATED_IMAGE_SWIFT_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/swift-operator@sha256:65d6dd43bf86a5de20fa34debcf105e5b7282ffe5d5108322e252132e12ea6e2
+export RELATED_IMAGE_TELEMETRY_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/telemetry-operator@sha256:91ea9e8572089079c528d46b993383cf5adc498ac1498849bf3f002a63228943
 export RELATED_IMAGE_TEST_OPERATOR_MANAGER_IMAGE_URL=quay.io/openstack-k8s-operators/test-operator@sha256:02489c6cf6a839478d19f7b0926e7ee701c95554e483a44fa759031bbee60929

pkg/operator/bindata/merge.go

@@ -205,6 +205,10 @@ func mergeLabels(current, updated *uns.Unstructured) {
 		curLabels["openstack.openstack.org/managed"] = "true"
 	}
 
+	// remove the olm.managed label this allows cleanup of the operator objects
+	// from legacy service operator deployments prior to FR2
+	delete(curLabels, "olm.managed")
+
 	updated.SetLabels(curLabels)
 }